{"id":23325,"date":"2017-08-18T17:23:43","date_gmt":"2017-08-18T17:23:43","guid":{"rendered":"http:\/\/ci027cfe6f100a2697"},"modified":"2017-08-18T17:23:43","modified_gmt":"2017-08-18T17:23:43","slug":"hiddenwallet-and-samourai-wallet-join-forces-make-bitcoin-private-zerolink","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/hiddenwallet-and-samourai-wallet-join-forces-make-bitcoin-private-zerolink","title":{"rendered":"HiddenWallet and Samourai Wallet Join Forces to Make Bitcoin Private With ZeroLink"},"content":{"rendered":"
<\/div>
<\/figure>\n

\u00c1d\u00e1m \u201cnopara73\u201d Fics\u00f3r, HiddenWallet<\/a> developer and TumbleBit contributor<\/a>, and \u201cTDevD,\u201d the pseudonymous Samourai wallet<\/a> developer, are joining forces on a new privacy project: ZeroLink. ZeroLink is set to realize a trustless mixing scheme first proposed<\/a> by Bitcoin Core<\/a> contributor Gregory Maxwell years ago \u2014 but one that hasn\u2019t been realized thus far.<\/p>\n

According Fics\u00f3r, the ZeroLink framework, which utilizes a scheme known as \u201cChaumian CoinJoin,\u201d is actually more straightforward than many of the alternatives that have been proposed.<\/p>\n

\u201cBack in 2013, there was this sort of obsession with decentralization. \u2018Everything that can be decentralized will be decentralized\u2019 was the slogan,\u201d the developer recalls. \u201cBy now we realize that decentralization is actually not always that useful. As long as a mixer cannot steal funds or link transactions, that\u2019s enough.\u201d<\/p>\n

CoinJoin<\/h3>\n

Each Bitcoin transaction essentially sends bitcoins from one or several Bitcoin addresses (really: \u201cinputs\u201d) to one or several Bitcoin addresses (really: \u201coutputs\u201d). That\u2019s how bitcoins \u201cmove\u201d over the blockchain.<\/p>\n

The problem, from a privacy perspective, is that the blockchain is completely public, which means that anyone can see which addresses are paying which addresses. If these addresses can be linked to real-world identities, it can reveal a lot about who transacted with whom, and perhaps for what.<\/p>\n

CoinJoin<\/a>, the well-known coin-mixing scheme first proposed by Maxwell in 2013, is a potential solution to this problem. A CoinJoin transaction is basically a combination of several transactions merged into one big transaction. In other words, it includes inputs from several different users, and the bitcoins move to outputs controlled by several different users. As such, it\u2019s not clear which bitcoins moved where. All users effectively paid all users.<\/p>\n

While that\u2019s great, the next problem is that whomever or whatever combines the different transactions into one CoinJoin transaction can be a central point of failure from a privacy perspective. That person (or that server, or whatever it is) still knows which bitcoins moved where. So if that individual is either corrupt or corruptible, the problem isn\u2019t really solved.<\/p>\n

\u201cFor CoinJoin to live up to its promise, even the entity that creates the transaction must not learn which addresses are paying which addresses,\u201d Fics\u00f3r noted.<\/p>\n

ZeroLink<\/h3>\n

ZeroLink provides a privacy framework for wallets that can be used for different mixing schemes. And it defines its own mixing technique as well: an implementation of CoinJoin referred to as \u201cChaumian CoinJoin.\u201d <\/p>\n

With Chaumian CoinJoin, users both send and receive equal amounts of bitcoin from a CoinJoin transaction, so everyone receives each other’s coins. This obfuscates the trails for all of these coins.<\/p>\n

In practice, ZeroLink users will require two types of wallets: a pre-mix wallet and a post-mix wallet. As the names suggest, the first type holds coins that are to be mixed, while the latter is where the mixed coins end up.<\/p>\n

Users then connect their pre-mix wallets to the ZeroLink tumbler and provide an input (\u201cfrom\u201d address) and an output (\u201cto\u201d address), which they both control. But importantly, the outputs are disguised (\u201cblinded\u201d) using a mathematical trick. So while the tumbler knows where all bitcoins are sent from, it does not yet know where bitcoins are sent to.<\/p>\n

At the heart of the trick, the tumbler then cryptographically signs all blinded outputs, using a type of cryptographic signature introduced by David Chaum: a \u201cblind signature<\/a>.\u201d This allows data to be cryptographically signed even if it is disguised. And importantly, these signatures can be checked against the original, unblinded data as well to see if the blinded data and the unblinded data match.<\/p>\n

Next, all users connect to the tumbler again, but this time through some type of anonymity network, like Tor. They will then provide the tumbler with the unblinded versions of the outputs. Using the cryptographic signatures it just created, the tumbler can check that all revealed outputs match all blinded outputs. If they do match, the tumbler knows that all the outputs it received are legitimate, and thus were provided by the same users that also provided the inputs to send funds.<\/p>\n

The tumbler then adds the revealed outputs to the CoinJoin transaction. And it sends this transaction back to all users, for these users to sign with their Bitcoin private keys. Doing so validates the transaction. (The users should of course double check that the amounts and their outputs check out, to be sure they receive as much as they send.)<\/p>\n

Finally, the tumbler broadcasts the CoinJoin transaction to be included in a Bitcoin block. As a result, all users end up with different bitcoins than they started with: all bitcoins were mixed, and the blockchain trails broken.<\/p>\n

While all this is actually relatively straightforward compared to some alternative schemes, and to a large extent already suggested by Maxwell back in 2013, the process has never been realized. This is probably because it was long thought to be too vulnerable to attacks, Fics\u00f3r thinks.<\/p>\n

\u201cWhen Maxwell first published the proposal, Bitcoin transaction fees were practically non-existent. Because of this, it would be relatively easy and cheap to launch denial of service attacks against a CoinJoin mixing system. An attacker can just keep providing valid inputs, but refuse to sign when he should. That invalidates the whole transaction, and wastes everyone\u2019s time.\u201d<\/p>\n

Interestingly, this attack vector is now to some extent resolved simply because it would be too expensive to keep it going. In order to maintain the attack in a way that it\u2019s not easily countered, an attacker must provide new inputs for each round, meaning he must be able to keep moving bitcoins to new addresses to do so. \u201cAssuming $1 transaction fees, that could cost up to $1,000 a day,\u201d Fics\u00f3r pointed out. \u201cIn this particular context, high fees are a blessing in disguise.\u201d<\/p>\n

Development<\/h3>\n

Fics\u00f3r is currently about to help wrap up the development of another highly anticipated privacy tool, TumbleBit<\/a>, for Stratis\u2019s Breeze Wallet<\/a>. This is expected to take another three months.<\/p>\n

After that, he plans to focus on realizing ZeroLink, while TDevD may even start working on the framework sooner. Concretely, three new codebases need to be developed: the pre-mix wallet, the tumbler and the post-mix wallet.<\/p>\n

\u201cThe tumbler needs to be developed from scratch. But it should be relatively easy to add the pre-mix wallets to any existing open source wallet. The same is true for the post-mix wallet implementations, though for privacy reasons not all wallets are a good fit,\u201d Fics\u00f3r said.<\/p>\n

His own HiddenWallet as well as Samourai Wallet are \u201cfully committed\u201d to implementing and deploying ZeroLink into production, Fics\u00f3r said, while Breeze Wallet may be interested as well. <\/p>\n

Optimistically, an initial implementation of ZeroLink could be live before the end of this year.<\/p>\n

For more information on ZeroLink, see Fics\u00f3r’s blog post<\/a> on the project (which also includes a donation address<\/a>) or ZeroLink\u2019s specification<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

\u00c1d\u00e1m \u201cnopara73\u201d Fics\u00f3r, HiddenWallet developer and TumbleBit contributor, and \u201cTDevD,\u201d the pseudonymous Samourai wallet developer, are joining forces on a new privacy project: ZeroLink. ZeroLink is set to realize a trustless mixing scheme first proposed by Bitcoin Core contributor Gregory Maxwell years ago \u2014 but one that hasn\u2019t been realized thus far. According Fics\u00f3r, the […]<\/p>\n","protected":false},"author":2509,"featured_media":23326,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[291,73,215,3382,780,2713],"class_list":{"0":"post-23325","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-culture","8":"tag-coinjoin","9":"tag-privacy","10":"tag-samourai","11":"tag-tumblebit","12":"tag-wallet","13":"tag-zerolink"},"author_data":{"id":2509,"name":"Aaron van Wirdum","nicename":"aaron-van-wirdum","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/aaron-van-wirdum-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/hiddenwallet-and-samourai-wallet-join-forces-to-make-bitcoin-private-with-zerolink.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/23325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2509"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=23325"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/23325\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/23326"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=23325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=23325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=23325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}