It has been said numerous times that Bitcoin is not truly anonymous. Almost everyone (except maybe some law enforcers) considers this to be a drawback.
I won’t argue for or against anonymization in terms of privacy in this post. I want to analyze the effect of public transaction history on the bootstrapping of the coin. First I want to point out that total anonymization has been studied and achieved in many other e-cash protocols. The first of them used a cryptographic scheme called blind signatures.
Total anonymization can be summarized as:
- Private transaction source / destination accounts (untraceable bills).
- Private account balances.
- Private transaction amounts.
I found that adding total anonymization to Bitcoin is in fact quite simple (I will elaborate on this in another post). But I wonder whether total anonymization would help bootstrap a new decentralized coin or prevent it.
Private account balances mean that new users joining a coin network may distrust the coin creators, because they cannot immediately be sure whether the coin creators have accumulated large amounts of money without going through the mining process. In Bitcoin, transactions are public, so every user can easily judge for himself. Also, in a totally anonymous coin network, users would have to be a lot more careful and validate the underlying cryptographic scheme. A hack on the scheme could allow a malicious user to generate coins from thin air and go completely unnoticed for years. This is exactly what Bitcoin tries to prevent by design.
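The audit that a public transaction history makes possible can be sketched in a few lines. This is an added example, not code from the original post or from Bitcoin: the ledger layout, the `SUBSIDY` value, the account names and the `audit` function are assumptions of a toy model, and the sample histories are constructed.

```python
SUBSIDY = 50  # constructed per-block issuance for this toy model

def audit(blocks):
    """Replay a public ledger; return (balances, problems)."""
    utxos, problems = {}, []   # utxos: (txid, index) -> (owner, amount)
    for height, block in enumerate(blocks):
        for pos, tx in enumerate(block):
            ins, outs = tx["inputs"], tx["outputs"]
            out_total = sum(amount for _, amount in outs)
            if any(amount <= 0 for _, amount in outs):
                reason = "non-positive output amount"
            elif not ins:      # no inputs: this transaction creates coins
                ok = pos == 0 and out_total <= SUBSIDY
                reason = None if ok else "coins created outside the mining rule"
            elif len(set(ins)) != len(ins) or any(ref not in utxos for ref in ins):
                reason = "spends a missing or already spent output"
            elif out_total > sum(utxos[ref][1] for ref in ins):
                reason = "outputs exceed inputs"
            else:
                reason = None
            if reason:
                problems.append((height, tx["id"], reason))
                continue       # rejected transactions do not change the ledger
            for ref in ins:
                del utxos[ref]
            for index, (owner, amount) in enumerate(outs):
                utxos[(tx["id"], index)] = (owner, amount)
    balances = {}
    for owner, amount in utxos.values():
        balances[owner] = balances.get(owner, 0) + amount
    return balances, problems

# Constructed sample history: two mined blocks and one ordinary payment.
HONEST = [
    [{"id": "cb0", "inputs": [], "outputs": [("creator", 50)]}],
    [{"id": "cb1", "inputs": [], "outputs": [("miner_a", 50)]},
     {"id": "t1", "inputs": [("cb0", 0)], "outputs": [("alice", 20), ("creator", 30)]}],
]
# Same history plus a block in which the creator mints 1000 coins without mining.
PREMINED = HONEST + [[
    {"id": "cb2", "inputs": [], "outputs": [("miner_b", 50)]},
    {"id": "x1", "inputs": [], "outputs": [("creator", 1000)]},
]]

if __name__ == "__main__":
    for name, ledger in (("honest", HONEST), ("premined", PREMINED)):
        print(name, *audit(ledger))
```

Every check in `audit` reads amounts and owners directly from the ledger, which is exactly the information that private balances and private amounts would hide from a newcomer.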
Maybe Bitcoin’s pseudonymity should not be regarded as a drawback but as a necessary condition to allow a seamless coin bootstrap and the establishment of a rapid network effect.
I find that Bitcoin is much more an innovative peer-to-peer cash system than a cryptographic currency, because it has no inherent cryptographic innovation regarding anonymization.
#1 by George on November 24, 2011 - 9:59 pm
Hi!
I am profoundly interested in your proposal regarding “adding total anonymization to Bitcoin” (hopefully without adding a central “Chaum-style” server).
Would you please notify me when you write the relevant post?
#2 by bitslogus on November 25, 2011 - 2:33 pm
Hi George, adding total anonymization to Bitcoin is easy if you know cryptography: you must create encrypted bills with a cryptosystem that allows re-encryption (sometimes called universal re-masking), but the system has a drawback: it cannot divide or combine bills anonymously, so you must create bills of different amounts (say powers of 10), and then you need a system to provide exchange (a $100 bill for ten $10 bills, etc.).
I’m working (in my little free time) on a p2p protocol that provides total anonymization. It has an innovative property: it is a divisible/combinable-coin anonymous e-cash cryptosystem, which means that coins can be divided into subcoins or combined into coins of higher value, with all operations private and secure.
Because of the lack of free time, I’m open to co-authoring the paper with anybody that can work out the proofs.
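The re-encryption property mentioned in comment #2, shown as an added example that is not part of the original thread and not the commenter's protocol. The comment does not name a cryptosystem; ElGamal is used here as an assumption because it is a well-known scheme with this property, and the group parameters and the `encode` mapping are constructed for readability and are far too small to be secure.

```python
import secrets

# Toy group (constructed, insecure): P = 2*Q + 1 with P and Q prime.
# G = 4 is a square mod P, so it generates the subgroup of prime order Q.
P, Q, G = 467, 233, 4

def rand_exp():
    return 1 + secrets.randbelow(Q - 1)        # uniform in [1, Q-1]

def keygen():
    x = rand_exp()
    return x, pow(G, x, P)                     # (secret key, public key)

def encode(serial):
    """Map a bill serial number in 1..Q-1 to a subgroup element (assumed encoding)."""
    return pow(G, serial, P)

def encrypt(pub, m, r=None):
    r = rand_exp() if r is None else r
    return pow(G, r, P), m * pow(pub, r, P) % P

def reencrypt(pub, ct, s=None):
    """Re-mask a ciphertext with the public key only; the plaintext is unchanged."""
    s = rand_exp() if s is None else s
    c1, c2 = ct
    return c1 * pow(G, s, P) % P, c2 * pow(pub, s, P) % P

def decrypt(priv, ct):
    c1, c2 = ct
    # c1^(P-1-priv) is the inverse of c1^priv by Fermat's little theorem.
    return c2 * pow(c1, P - 1 - priv, P) % P

if __name__ == "__main__":
    priv, pub = keygen()
    bill = encode(42)                          # constructed serial number
    ct = encrypt(pub, bill)
    remasked = reencrypt(pub, ct)
    print("original ciphertext :", ct)
    print("re-masked ciphertext:", remasked)
    print("same bill underneath:", decrypt(priv, ct) == decrypt(priv, remasked) == bill)
```

Re-masking changes how the ciphertext looks but never what it contains, which matches the limitation stated in the comment: the value of a bill is fixed, so change has to be made by exchanging bills of fixed denominations.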
#3 by George on November 25, 2011 - 8:57 pm
Well, sadly my crypto knowledge is far from what is needed for co-authoring a paper, but I will eagerly watch this space and maybe try to point some more cryptographically gifted people your way.
P.S.: a link to a “universal remasking” paper (or, better yet, executive summary dumbed down enough for an economist to grasp the gist of the idea ;~) ) would be very appreciated.
#4 by cunicula on April 10, 2012 - 5:28 am
I think you should be careful not to overestimate the benefits of full anonymity. It is probably not worth doing if it makes the system more burdensome for users who are happy with pseudonymity. 90% of users won’t ever need anonymity. Even among those who can use the feature, they probably will only need anonymity for a small minority of their txns.
#5 by 01 on April 10, 2012 - 12:21 pm
Well, I would humbly disagree with cunicula – total anonymization would be very useful, if done. However, I’m kinda lost as to how it is supposed to be achieved and got to second George’s request for paper…
#6 by Ray on March 29, 2014 - 5:07 am
It’s my opinion that total anonymity is a huge drawback for any cryptocurrency. Aside from getting immediately declared illegal and attacked by the lions, you’d be giving the predators the tools they need to perform predation upon normal people. And semi-solutions like bitcoin’s pseudonymity are almost useless because they’re very easy to defeat for pattern matching software.
What is needed is a way to easily achieve hard anonymity for small amounts, that makes it increasingly difficult, expensive, and time consuming to achieve hard anonymity as amounts get larger. IOW, if Alice is buying a dirty magazine and a sex toy she should be able to absolutely rely on that transaction being private if she pays an extra dime or two and waits a couple minutes. If Bob is ripping off a thousand investors for ten thousand dollars each, he should not be able to make that ten million dollars totally anonymous without sacrificing at least a quarter of it and starting a process that could take a few years to complete.
I believe that I’ve found a way to do exactly this. I’ll try to blog a paper about it in the next couple of weeks.
#7 by SDLerner on March 31, 2014 - 4:55 pm
I think differently: that in the long run transaction privacy will reach the masses in Bitcoin or in an alt-coin. Governments will have to rely on Know-Your-Customer (KYC) regulations but will not be able to white-list, black-list or red-list transactions based on transaction history. A few days ago I sent my preliminary version of the AppeCoin anonymous coin to a group of researchers for feedback. AppeCoin allows you to differentiate between high-value transactions (which may not be allowed to go private) and low-value ones. But probably there won’t be a consensus over the threshold since many governments and legal jurisdictions may impose their own different thresholds. Then it’s not clear to me how this separation could be imposed.