This will get way too long if I do not focus on some short portions of your post:
If/when Bitcoin gets real privacy, I expect that it will also embrace “selective disclosure”. That would preserve irrevocable, undeniable, irrefutable blockchain information for legitimate use cases—while locking out the prying eyes of hackers, cyberstalkers, armed robbers, kidnappers seeking ransom, and commercial espionage that seeks to infer competitive business plans from financial transaction data.
I am a little bit surprised that you did not put governments into your above list. Don't get me wrong, I am not anti-government [...]
I intentionally omitted governments. Selective disclosure systems are a foolish way for individuals to hide money from the government—unless you are also strongly anonymous.
To illustrate how a future Bitcoin with strong privacy may work, you can try an experiment right now, if you are willing to try altcoins:
Go to Gemini (or if you’re in Europe: The Rock Trading). Buy ZEC. Do a shielding withdraw.
Tyler Winklevoss is an outspoken advocate for strong privacy. Congrats, your money is now 100% invisible to the public. Snoops, spies, and random miscreants cannot use Zcash blockchain data to track how much ZEC you are accumulating.
Now, try to use your ZEC wallet to hide money from the tax man, or to engage in some sort of criminal activity. Oh, fork!
Gemini has your KYC dox. The moment that the government becomes suspicious of you for whatever reason, they will apply some legal process to obtain your Gemini records. Then, cops or alphabet-soup will knock on your door, badge in one hand and gun in the other, and demand from you your view keys. At that point, being stubborn about keeping your view keys secret seems to me like a very good way to go straight to prison.
(This is NOT legal advice. I am simply discussing my opinion of an entirely hypothetical scenario.)
I expect that in practice, a Bitcoin with strong privacy would work the same way. Gauging by his attitude toward Zcash, it is reasonable to expect that Tyler Winklevoss would probably love to see that. So would many other big Bitcoiners.
Satoshi himself wanted such a thing:
This is a very interesting topic. If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible.
[...]
It's hard to think of how to apply zero-knowledge-proofs in this case.
Satoshi wrote those words 3–4 years before the Zerocoin for Bitcoin proposal, cryptographic research breakthroughs which ultimately made such a thing more practical, and an attempt to apply those breakthroughs to Bitcoin. Satoshi wrote those words 8 years before, in my opinion, ZK proof coins started to become minimally viable for mass adoption (Zcash Sapling, 2018)—12 years before now, in 2022, I declare the technology mature for mass adoption: Halo2, which is totally trustless (no “trusted setup”!), high-performance, and open-source so it can be reused without re-inventing the wheel.
[Edit: Some corrections were made and links were added to this paragraph, which was originally based only on my admittedly fuzzy recollections of how I watched Zerocoin, Zerocash, etc. unfold at the time.]
But even a zero-knowledge version of Bitcoin would not much help you hide money from the government—as long as the government trivially knows who you are and where to find you.
Unless you love huge risks of going to prison, the only way to use cryptocurrency to hide money from the government is if you are anonymous—in practice, if you have never, ever done exchange KYC even once. How many Bitcoiners do you know who have never, ever done exchange KYC even once?
After Satoshi himself, how many Bitcoiners have even tried to be strongly anonymous? Some. Very few. For better or for worse (I think for much worse), they are negligible and marginal.
I am totally against KYC. But that is a distinct, albeit overlapping issue.
The issue here is that with selective disclosure systems, a targeted investigation can coerce you to hand over your view keys. Nonetheless, you are protected from hackers, cyberstalkers, armed robbers, kidnappers seeking ransom, and commercial espionage.
Why does Phil love hackers, cyberstalkers, armed robbers, kidnappers seeking ransom, and commercial espionage?
[...] because sometimes governments do have reasons to get involved in compiling information generally and sometimes they also have legitimate reasons to get into specifics and including some personal information matters, and sometimes their getting involved in compiling, composing and even snooping on citizens does have some legitimate public interest purposes.. but at the same time, we have seen that some of the governmental departments have become abusive with their access to some of the various kinds of private information.. and for sure, these are ever evolving lines in terms of how the internet contributes to a lot of free flow of information and disinformation too.. but then sometimes governments are not even always playing fairly with their attempts to engage in oversight or maybe even refrain from employing their own disinformation tactics..
The system that I advocate does stop dragnet mass-surveillance by governments. I guess that’s probably why Snowden loves this type of system. (Don’t forget that Snowden himself started his career as a U.S. Army man, then worked for the CIA, then worked as a contractor for the NSA: He is not anti-government, but is conscionably opposed to abuses by governments.)
As it stands, the Bitcoin blockchain is like putting a completely public webcam in your bedroom to make sure that you’re not doing anything bad. Not even a webcam that is wired to police headquarters, which is my usual metaphor for mass-surveillance: A public webcam, which anonymous criminals can view anytime they want!
A strongly-private Bitcoin with selective disclosure would give you privacy similar to what you physically have in your home. If you do something illegal in your home, then the police can obtain a search warrant. They can come into your home, and look through your stuff. If necessary, they can kick down your door with guns drawn. I am not stating my opinion of that either way: I am stating a fact, which is pretty much just a fact of life. In what most people would deem reasonable jurisdictions, the police need a search warrant based on probable cause.
If you do something illegal with a strongly-private Bitcoin, then the police will demand your view keys. Good luck refusing them.
A strongly-private Bitcoin would stop law enforcers from scanning and analyzing everybody’s blockchain finances, on the presumption that everybody is guilty until proved innocent. That’s like stopping the police (or the NSA) from mass-tapping everybody’s phone calls, emails, and websurfing.
A strongly-private Bitcoin would also have perfect fungibility. And it would probably put Chainalysis out of business, or at least force them to find a non-scumbag business model. And it would probably make Mike Hearn cry. The whole toxic notion of “coin taint” would be dead forever.
There are no downsides to this!