Bitcoin Privacy Protocols

[foggyb]

With Binance delisting of XMR, there seems to be a growing trend that coins with privacy protocols are increasingly becoming a target of governments.

Is there any evidence that Satoshi Nakamoto deliberately avoided adding privacy-related protocols and functionality into Bitcoin in order to avoid the ban-hammer?

If so, how did he justify this decision when the very concept of sound money cannot be implemented in an environment where there is no guarantee of absolute transaction privacy?

[1714242150]

1714242150

[NotFuzzyWarm]

My take on it is that he understood that absolute privacy of transactions - be it BTC, fiat, or whatever - naturally opens the doors to a myriad of illicit uses. Only an immutable and public ledger gives a way to track those uses and yes, if need be, prosecute the folks involved. By being a public ledger he (thought he) removed the ability to use BTC for things that are against 'The Public Good'.

Now, the sticking point is that yes, transactions can be followed through the blockchain BUT who/what has ownership of coins cannot be discovered until they are exchanged into fiat or some type of physical goods which can be linked to people & organizations. He wanted to make sure that BTC had that discovery mechanism.

Of course ones definition of 'illicit activities' and  'The Public Good' largely depends on the individual and their governments...

[Hatchy]

Of course ones definition of 'illicit activities' and  'The Public Good' largely depends on the individual and their governments...

Bitcoin still has its privacy feature but it isn't as strong as it was before centralized bodies had arrived. Before now, there has always been other ways to increase privacy like use of coinjoins which was introduced in 2013.
Satoshi understood a lot about privacy and its negative impact. He somehow knew that if Bitcoin's privacy was as completely strong as that of coin like the monero's, it would lead to more illicit activities using Bitcoin.

Exchanges must follow government rules and avoid trouble, so they might have to remove coins that offer completely untraceable transactions.

[decodx]

Is there any evidence that Satoshi Nakamoto deliberately avoided adding privacy-related protocols and functionality into Bitcoin in order to avoid the ban-hammer?

I'm not so sure if there's solid proof that Satoshi left out privacy stuff in Bitcoin only to steer clear of regulations.  In 2009, crypto and what it could lead to was pretty much uncharted territory.  Rules from government might not have been a main thing on his mind and  seems he cared more about creating a decentralized and immutable digital currency that didn't rely on centralized entity and couldn't be manipulated or faked.  Maybe those goals took priority over making payments impossible to trace.

[Charles-Tim]

Now, the sticking point is that yes, transactions can be followed through the blockchain BUT who/what has ownership of coins cannot be discovered until they are exchanged into fiat or some type of physical goods which can be linked to people & organizations. He wanted to make sure that BTC had that discovery mechanism.

That was so nice of Satoshi Nakamoto. If bitcoin is like monero, it might also not be widely used as it is today. Nearly all countries do not ban bitcoin and the discovery mechanism would be one of the reasons many countries do not ban the coin.

Satoshi understood a lot about privacy and its negative impact. He somehow knew that if Bitcoin's privacy was as completely strong as that of coin like the monero's, it would lead to more illicit activities using Bitcoin.

Exactly. But it is worth knowing that fiat is mostly used for illicit activities today. It is mostly used for money laundry, terrorism financing, ransom and bandits funding etc. So far something is of value and can be easily transfer from one person to another as a money, some people will want to use such thing for illicit activities.

[tread93]

Now, the sticking point is that yes, transactions can be followed through the blockchain BUT who/what has ownership of coins cannot be discovered until they are exchanged into fiat or some type of physical goods which can be linked to people & organizations. He wanted to make sure that BTC had that discovery mechanism.

That was so nice of Satoshi Nakamoto. If bitcoin is like monero, it might also not be widely used as it is today. Nearly all countries do not ban bitcoin and the discovery mechanism would be one of the reasons many countries do not ban the coin.

Satoshi understood a lot about privacy and its negative impact. He somehow knew that if Bitcoin's privacy was as completely strong as that of coin like the monero's, it would lead to more illicit activities using Bitcoin.

Exactly. But it is worth knowing that fiat is mostly used for illicit activities today. It is mostly used for money laundry, terrorism financing, ransom and bandits funding etc. So far something is of value and can be easily transfer from one person to another as a money, some people will want to use such thing for illicit activities.

Well I wouldn't say mostly used for illicit activities it is surely used by the entire world basically and is very convenient but in the event that it is used for an illicit purpose it is indeed completely untracable. Bitcoin they can definitely have a much better chance of tracing the owner.In  Cyber insurance policies they also ban the use of XMR the policies will not pay out in any crypto except for Bitcoin. 

[Text]

-snip
Is there any evidence that Satoshi Nakamoto deliberately avoided adding privacy-related protocols and functionality into Bitcoin in order to avoid the ban-hammer?

If so, how did he justify this decision when the very concept of sound money cannot be implemented in an environment where there is no guarantee of absolute transaction privacy?

I think he was a strong advocate for privacy. He reportedly used the IP-masking browser, Tor, for all his public interactions, which is why his public IP address could never be traced back to him.

He introduced password protection to Bitcoin’s JSON-RPC interface, which was crucial for safeguarding user funds, preserving privacy, and ensuring the stable operation of the Bitcoin node. But when it came to incorporating zero-knowledge proofs (ZK-proofs), a privacy protocol, into Bitcoin, Nakamoto expressed difficulty in figuring out how to apply them.

https://cointelegraph.com/magazine/satoshi-nakamoto-zk-proofs-bitcoin
https://news.bitcoin.com/unraveling-the-online-legacy-of-satoshi-nakamoto-bitcoins-mysterious-creator

So, he may have faced technical challenges in implementing certain privacy protocols in Bitcoin.

The absence of certain privacy protocols in Bitcoin does not necessarily mean he deliberately avoided them to evade regulatory scrutiny. It could be due to technical challenges or a different interpretation of what constitutes sound money. However, this is mostly speculation as Nakamoto himself has not publicly stated his reasons.

[apogio]

I believe Satoshi is a privacy expert.
He created an online persona and there is literally nobody else on this planet that knows this persona is linked with the real person behind Satoshi.

Now, let's speculate, just for fun.

1. Intentional choice:
Perhaps Satoshi wanted to increase our need for self-privacy. Perhaps Satoshi knew that privacy can be achieved with Bitcoin, but that it requires a little more effort.

2. Coincidence:
On April 23, 2011, Satoshi said "I have moved on to other things".

Satoshi Nakamoto <satoshin@gmx.com>   Sat, Apr 23, 2011 at 3:40 PM
To: Mike Hearn <mike@plan99.net>
I had a few other things on my mind (as always). One is, are you planning on rejoining the community at some point (eg for code reviews), or is your plan to permanently step back from the limelight?

I've moved on to other things.  It's in good hands with Gavin and everyone.

I do hope your BitcoinJ continues to be developed into an alternative client.  It gives Java devs something to work on, and it's easier with a simpler foundation that doesn't have to do everything.  It'll get critical mass when impatient new users can get started using it while the other one is still downloading the block chain.

Perhaps Satoshi decided to add Ring Signatures and Stealth Addresses to Bitcoin when it was already too late. And perhaps Satoshi Nakamoto became Nicolas van Saberhagen and developed CryptoNote which is the base layer of Monero.

Conclusion:
Unfortunately we can only speculate. But, in my opinion, Satoshi knew about Ring Signatures and Stealth Addresses and the reason he didn't add them to Bitcoin was because he knew that people would speculate that Bitcoin is only built to support illicit activities. Some people still believe it today. The reason I am saying that, is that there is a message from Satoshi to Gavin Andresen that says:

I wish you wouldn’t keep talking about me as a mysterious shadowy figure, the press just turns that into a pirate currency angle. Maybe instead make it about the open source project and give more credit to your dev contributors; it helps motivate them.

It is obvious that Satoshi Nakamoto wanted to develop a transparent way to transact P2P and that would become widely adopted. Perhaps he intentionally added pseudonymity and not untreacability, so that people wouldn't think Bitcoin was only used for illegal activities. But...

[BlackHatCoiner]

My take on it is that he understood that absolute privacy of transactions - be it BTC, fiat, or whatever - naturally opens the doors to a myriad of illicit uses.

I just don't get how you've reached to this conclusion. There is no message of him discouraging the use of absolute privacy tools. To me it rather seems as he saw it as "private enough".

The possibility to be anonymous or pseudonymous relies on you not revealing any identifying information about yourself in connection with the bitcoin addresses you use.  If you post your bitcoin address on the web, then you're associating that address and any transactions with it with the name you posted under.  If you posted under a handle that you haven't associated with your real identity, then you're still pseudonymous.

You could use TOR if you don't want anyone to know you're even using Bitcoin.

He even talked about key blinding and group signatures long before Monero and other privacy protocols were introduced in concept:

Crypto may offer a way to do "key blinding".  I did some research and it was obscure, but there may be something there.  "group signatures" may be related.

There's something here in the general area:
http://www.users.zetnet.co.uk/hopwood/crypto/rh/

What we need is a way to generate additional blinded variations of a public key.  The blinded variations would have the same properties as the root public key, such that the private key could generate a signature for any one of them.  Others could not tell if a blinded key is related to the root key, or other blinded keys from the same root key.  These are the properties of blinding.  Blinding, in a nutshell, is x = (x * large_random_int) mod m.

When paying to a bitcoin address, you would generate a new blinded key for each use.

In my experience, the simple answers are usually the correct ones. Satoshi simply lacked the competence to do that. It wouldn't be surprising. The very first Bitcoin version was quite simple in concept, and if you read the source code, you could tell it was just above the average. He did some mistakes, like the value overflow or reorganizing based on block height instead of chainwork. Maybe he ignored privacy enhancing techniques on purpose, but that's because it would be more difficult to explain to the public. Another guess: Maybe he didn't ignore them on purpose, but simply because it was too late to introduce them at the date he revealed interest about them.

[NotATether]

He even talked about key blinding and group signatures long before Monero and other privacy protocols were introduced in concept:

Crypto may offer a way to do "key blinding".  I did some research and it was obscure, but there may be something there.  "group signatures" may be related.

There's something here in the general area:
http://www.users.zetnet.co.uk/hopwood/crypto/rh/

What we need is a way to generate additional blinded variations of a public key.  The blinded variations would have the same properties as the root public key, such that the private key could generate a signature for any one of them.  Others could not tell if a blinded key is related to the root key, or other blinded keys from the same root key.  These are the properties of blinding.  Blinding, in a nutshell, is x = (x * large_random_int) mod m.

When paying to a bitcoin address, you would generate a new blinded key for each use.

Actually, now that you mentioned it, I don't think key blinding can be done on secp256k1 unless someone finds a deterministic pattern whereby the user can generate multiple public keys that hash into the same address.

But in the process of doing so, SHA256 will probably be broken in the process since patterns would have to be found in a hash function. But it would make the DER signatures virtually indistinguishable from normal signatures as the lowest such public key can be used for them as a sort of standardness rule.

[dkbit98]

Is there any evidence that Satoshi Nakamoto deliberately avoided adding privacy-related protocols and functionality into Bitcoin in order to avoid the ban-hammer?

It's possible but I don't think Bitcoin would be banned if there was privacy layer from the start.
There is one theory that he (or they) worked for three letter agency because he picked one encryption used in bitcoin that doesn't have a backdoor.
Satoshi was either very lucky or he had classified government information.

If so, how did he justify this decision when the very concept of sound money cannot be implemented in an environment where there is no guarantee of absolute transaction privacy?

There is no absolute transaction privacy with any transactions, even with monero.
I am sure that for Bitcoin we are going to use some interesting second layer solution that will help as achieve much higher level of privacy.
Statechains is one of this options I like very much.

[BlackHatCoiner]

There is one theory that he (or they) worked for three letter agency because he picked one encryption used in bitcoin that doesn't have a backdoor.

You mean the secp256k1 elliptic curve? How do you know it doesn't have a backdoor?

[foggyb]

There is no absolute transaction privacy with any transactions, even with monero.
I am sure that for Bitcoin we are going to use some interesting second layer solution that will help as achieve much higher level of privacy.
Statechains is one of this options I like very much.

And yet there is a desperate and growing need for it as international forces grow stronger in their global reach, and more malevolent in their long-term goals.

Yes, no technical solution is perfect, but the right to private transactions should be legally enshrined so that even if technology falls short in some way, an authority of the people and by the people steps in and protects money rights as an unalienable right, like freedom of speech.

The technical solution and legislation complement each other. We need both.

[NotATether]

There is one theory that he (or they) worked for three letter agency because he picked one encryption used in bitcoin that doesn't have a backdoor.

You mean the secp256k1 elliptic curve? How do you know it doesn't have a backdoor?

To be honest, it doesn't take a government employee to know that the sec-2 curves did not have NIST's oversight on them like the P-123456 labeled curves. The NIST is known to just sit there and not challenge the NSA when it meddles with the algorithms, like this one. So naturally there is more distrust for those elliptic curves than the sec-2 curves.

That being said, it is reasonable to believe that no sec-2 curve has an NSA backdoor. Although that doesn't necessarily mean that they are mathematically hardened, as the safecurves website demonstrates.

[JiiBs]

I believe Satoshi is a privacy expert.
He created an online persona and there is literally nobody else on this planet that knows this persona is linked with the real person behind Satoshi.

Could that really be true, that the founder worked with no one else in this life long invention? That we’ve not had anyone come up to point to us whom the persona is doesn’t mean the truth behind the 8th wonder of the world in the Satoshi Nakamoto isn’t known by some one or some group. It’s just that, the persona have been on top of his/her/their game and had a deep understanding of what they did intend to archive. That’s how I would like to imagine it.

Meanwhile, a privacy protocol that doesn’t give room to traces is something that could be exploited in the worst way possible by governments. It’s some unique quality but in one instance, you serve as mixers and coin offerers all in one. It’s might seem huge but, it as well brings the fight to you as government is known for going after what has gotten a name and they can’t express.

Allowing decentralization and privacy at a level of extra work and service to attain complete privacy was a good step for the founder and that is being proved with the way these non trace/absolute eluding privacy projects is been hit by.

[apogio]

Could that really be true, that the founder worked with no one else in this life long invention? That we’ve not had anyone come up to point to us whom the persona is doesn’t mean the truth behind the 8th wonder of the world in the Satoshi Nakamoto isn’t known by some one or some group. It’s just that, the persona have been on top of his/her/their game and had a deep understanding of what they did intend to archive. That’s how I would like to imagine it.

Satoshi Nakamoto, as a cypherpunk, knew how important privacy is. I am not saying that Satoshi Nakamoto implemented Bitcoin alone, nor that he never interacted with other people. In fact, there are multiple emails where Satoshi Nakamoto exchanged ideas and thoughts with a lot of people. They also had an account in this forum, where he interacted with a lot of users. But, what I am saying is, nobody knew who they were in real life.

If I had a guess, I would speculate that Satoshi Nakamoto and other cypherpunks cooperated in Bitcoin's development. The result (Bitcoin) isn't perfect, but it feels like the creator has thought every single detail. My experience with programming so far has tought me that 2 pairs of eyes is always better than a single pair. Having said that, my guess would be that Satoshi Nakamoto is just one of the people who worked in Bitcoin.

[BlackHatCoiner]

That being said, it is reasonable to believe that no sec-2 curve has an NSA backdoor.

Believing that it doesn't have an NSA backdoor is reasonable. However, you can't throw it around the board as a fact. We don't have evidence of it being free of backdoor. We simply know that it's open for public scrutiny years now, and that a backdoor in such an examined algorithm would be likely discovered by now. That doesn't nullify the doubt.

It’s some unique quality but in one instance, you serve as mixers and coin offerers all in one.

Cash has existed for centuries, in much larger scale, and is equally or even less traceable than Monero. Yet, no user was subjected to using its banknotes for "mixing". Everyone accepted it.

[cryptosize]

With Binance delisting of XMR, there seems to be a growing trend that coins with privacy protocols are increasingly becoming a target of governments.

Is there any evidence that Satoshi Nakamoto deliberately avoided adding privacy-related protocols and functionality into Bitcoin in order to avoid the ban-hammer?

If so, how did he justify this decision when the very concept of sound money cannot be implemented in an environment where there is no guarantee of absolute transaction privacy?

Satoshi wanted to implement XMR features on BTC, long before XMR was born:

https://bitcointalk.org/index.php?topic=770.msg9074#msg9074

Maybe he didn't have enough time, maybe not enough programming expertise, who knows... it's endless speculation at this point.

Also, few people seem to realize that banknotes actually have limited tracing via serial numbers.

Have you tried to deposit stolen banknotes (from a robbery/abduction) in a bank?

I wouldn't recommend it...

It's like depositing tainted BTC in a CEX with KYC/AML. They will be confiscated immediately.

But sure, nobody cares about serial numbers in hand-to-hand transactions. It's the same with BTC and p2p transactions.

I hope that clears up some misconceptions.

Last but not least, bankers still have some ace up their sleeves:

https://www.fleur-de-coin.com/eurocoins/banknote-rfid
https://www.eetimes.com/euro-bank-notes-to-embed-rfid-chips-by-2005/

I bet most people thought this wasn't possible, right?

They can invalidate old euro banknotes let's say by the end of this year and after that only RFID banknotes will be considered legal tender.

Considering the fact that banknotes ALWAYS originate from the banking system, this would make tracing far more ubiquitous than it is today with serial numbers.

There is no absolute transaction privacy with any transactions, even with monero.

Really?

Prove it: https://www.interactivecrypto.com/irs-625-000-bounty-for-breaking-monero-and-lightning

I am sure that for Bitcoin we are going to use some interesting second layer solution that will help as achieve much higher level of privacy.

Lightning already exists and according to IRS, it's a PITA.

[tiCeR]

That being said, it is reasonable to believe that no sec-2 curve has an NSA backdoor.

Believing that it doesn't have an NSA backdoor is reasonable. However, you can't throw it around the board as a fact. We don't have evidence of it being free of backdoor. We simply know that it's open for public scrutiny years now, and that a backdoor in such an examined algorithm would be likely discovered by now. That doesn't nullify the doubt.

It’s some unique quality but in one instance, you serve as mixers and coin offerers all in one.

Cash has existed for centuries, in much larger scale, and is equally or even less traceable than Monero. Yet, no user was subjected to using its banknotes for "mixing". Everyone accepted it.

I have been thinking about this as well and I am all for never say never here. There have been examples for backdoors that went undetected for decades.

But I find one idea quite compelling to think about, do you think that publicly available artificial intelligence will come to a point where it can be asked for vulnerabilities in the most secure (or rather most pervasively used) algorithms or could it intentionally be fed an information a la garbage-in-garbage-out such that it always provides an answer pleasing the public? If AI becomes more intelligent at an exponential rate while an algorithm is a static mathematical construct, would the chance be that those developing AI would/could be the ones to know first?

What I also wonder is whether a backdoor could in any case be detected as having been introduced deliberately by someone? I am sure there are cases where it could be, but there are probably cases where someone could say it was just a mistake in the code.

[cryptosize]

That being said, it is reasonable to believe that no sec-2 curve has an NSA backdoor.

Believing that it doesn't have an NSA backdoor is reasonable. However, you can't throw it around the board as a fact. We don't have evidence of it being free of backdoor. We simply know that it's open for public scrutiny years now, and that a backdoor in such an examined algorithm would be likely discovered by now. That doesn't nullify the doubt.

It’s some unique quality but in one instance, you serve as mixers and coin offerers all in one.

Cash has existed for centuries, in much larger scale, and is equally or even less traceable than Monero. Yet, no user was subjected to using its banknotes for "mixing". Everyone accepted it.

I have been thinking about this as well and I am all for never say never here. There have been examples for backdoors that went undetected for decades.

But I find one idea quite compelling to think about, do you think that publicly available artificial intelligence will come to a point where it can be asked for vulnerabilities in the most secure (or rather most pervasively used) algorithms or could it intentionally be fed an information a la garbage-in-garbage-out such that it always provides an answer pleasing the public? If AI becomes more intelligent at an exponential rate while an algorithm is a static mathematical construct, would the chance be that those developing AI would/could be the ones to know first?

What I also wonder is whether a backdoor could in any case be detected as having been introduced deliberately by someone? I am sure there are cases where it could be, but there are probably cases where someone could say it was just a mistake in the code.

https://youtu.be/Tr3t1uZNbKo?si=iAjJszpixt5FumJc