
Privacy on Bitcoin and Ethereum

Privacy on a completely public ledger?

As we mentioned in the first lesson, blockchains such as Bitcoin and Ethereum are only pseudonymous, so that knowing someone’s wallet address is enough to find out all their token balances and transaction history. This is because blockchains are essentially public ledgers, where all transaction data is typically available for anyone to see.

In fact, the data has to be public in order for users and miners to be able to verify that transactions are legitimate. There are ways around this, through encrypting the details of each transaction, but we’ll get to this in the following lesson.

Right now, we’re interested in Bitcoin and Ethereum (since most other blockchains work in a similar way), and these networks make all the transaction data completely public. So, how is it possible to make private transactions on a network where absolutely everything can be seen by anyone with an internet connection?

Coin mixers

This is where coin mixing services come in. Mixing essentially refers to a process in which many users send their Bitcoin to one address (the same works for other coins, but we’ll use Bitcoin as an example) and then have it sent from that wallet to the destination. These transactions are, of course, visible on the blockchain, but given that the mixing wallets have a huge number of inputs and outputs, connecting an input with a particular output becomes impossible.

To some extent, this is even possible on centralized exchanges, since their wallets typically have a large number of transactions (and can work as a form of mixer), but it isn’t practical for situations where privacy is extremely important. After all, even though no other user can see who made an exchange withdrawal, this data is known to the exchange itself. And given that exchanges often have KYC (users need to reveal their identity by submitting an ID), it’s obvious why this isn’t ideal.

So, now we’ll look into the two main types of dedicated mixing services, namely centralized and decentralized ones.

Centralized coin mixers

Centralized coin mixers are the simplest, and they work in the basic way described above: a user sends their Bitcoin to a mixing wallet operated by a centralized service, and then the wallet sends different, untraceable coins to the destination address. Centralized solutions aren’t ideal, however, due to privacy and security concerns.

For one thing, the mixer (or rather the entity operating the mixing service) knows which wallet sent and received which transaction, so they could potentially reveal this information if they were bribed or forced by the authorities to do so. What’s more, there’s a further problem that comes from the centralized nature of such mixers: since they’re operated by specific individuals or companies, the only guarantee that the mixer will send out the outgoing transaction when it receives the coins is essentially trust.

After all, the mixer could simply keep the coins and not make the payment – of course, a reputable service isn’t likely to do so, but then again, having large sums of money depend only on trust is not exactly something that people in crypto are very keen on (and for good reason).

Decentralized mixers

The problems mentioned above are solved by decentralized mixing services, the most popular of which is the CoinJoin model, which was proposed back in 2013. In order to understand how it works, we need to keep in mind how Bitcoin transactions work. Aside from the simplest form of transaction, in which wallet A sends a certain amount of coins to wallet B, there are also other, more complex types.

A transaction can have multiple inputs, multiple outputs, or both, and a transaction with multiple inputs needs to be signed by all the sending wallets. This is what enables the CoinJoin model, which consists in having multiple inputs and multiple outputs for the same transaction.

A user (referred to as the coordinator) creates the transaction, which all the other users have to sign. Since everyone sees what they’re signing, there’s no risk that the coordinator could run away with their coins. You can see an example of this above in the picture, where we have five transaction inputs and five outputs (in reality the outputs would have to be slightly less than the inputs to account for the transaction fee, but this is only a general explanation of the concept).

It’s impossible to link any input to any particular output, and what’s more, it’s even impossible to say how many participants there are, since this could be one user sending their coins from five different wallets, five users with one wallet each, or anything in between.
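The review each participant can do before signing, which is what stops the coordinator from running away with the coins, is sketched below as an added example (not part of the original lesson). It uses a simplified transaction model rather than real Bitcoin serialization; the class names, the placeholder addresses, the amounts and the max_fee_share parameter are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TxIn:
    outpoint: str  # label of the coin being spent (constructed, not a real txid)
    amount: int    # satoshis

@dataclass(frozen=True)
class TxOut:
    address: str   # constructed placeholder address
    amount: int    # satoshis

def safe_to_sign(inputs, outputs, my_outpoints, my_address, max_fee_share):
    """Decide whether one participant should sign the coordinator's proposal."""
    spent = {i.outpoint: i.amount for i in inputs}
    if not set(my_outpoints).issubset(spent):
        return False, "my input is not in the transaction"
    if any(o.amount <= 0 for o in outputs):
        return False, "non-positive output"
    total_in = sum(i.amount for i in inputs)
    total_out = sum(o.amount for o in outputs)
    if total_out > total_in:
        return False, "outputs exceed inputs"
    # What I put in versus what comes back to an address I control.
    my_in = sum(spent[op] for op in my_outpoints)
    my_out = sum(o.amount for o in outputs if o.address == my_address)
    if my_in - my_out > max_fee_share:
        return False, "I would lose more than my fee share"
    return True, "ok"

# Constructed sample: five inputs and five outputs, as in the lesson's picture.
USERS = ["alice", "bob", "carol", "dave", "erin"]
INPUTS = [TxIn(f"{u}-coin:0", 10_000_000) for u in USERS]
HONEST = [TxOut(f"{u}-dest", 9_998_000) for u in USERS]
# Same proposal, but alice's output has been redirected to the coordinator.
TAMPERED = [TxOut("coordinator-dest", 9_998_000)] + HONEST[1:]

if __name__ == "__main__":
    for name, outs in (("honest", HONEST), ("tampered", TAMPERED)):
        print(name, safe_to_sign(INPUTS, outs, ["alice-coin:0"], "alice-dest", 5_000))
```

Because a transaction with multiple inputs needs every sender's signature, one participant refusing to sign is enough to keep the tampered proposal from ever becoming valid, even though the other four see nothing wrong from their own point of view.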