Un-KYC crypto using the lightning network

[Revoltec13]

I'm quite new to the lightning network and I just learned that it offers better privacy. If someone got KYC bitcoins and would like to un-KYC them, is it possible to do it through the lightning network or would Monero still be a better solution?

[d5000]

Well let's compare what both solutions do exactly:

- Monero creates ring signatures. This can be compared to big transactions with many senders and recipients (with some "fake addresses", i.e. existing addresses which in reality are not sending nor receiving anything mixed in afaik), and obfuscated amounts and receiver addresses. So while there are techniques which can identify senders if the user is careless, the exact transaction is very difficult to reconstruct.

- In Lightning, you would create a channel with the coins you want to "un-KYC", then transfer the coins via Lightning to another address, and close the channel (not mandatory). There is no on-chain connection between both addresses, but in the case a chain analysis company operates a Lightning node and you happen to route through it, then it could detect you. Via onion routing this is prevented a bit but it's not perfect.

In my (advanced but not expert!) opinion, in both cases the privacy is not 100% perfect, but you're private if you do several transactions but spaced out a bit and using several addresses. The likelihood that someone is able to analyze your transaction pattern decreases with every transaction.

Lightning has however a slight disadvantage: if the channel is closed, then chain analysis companies will know that you used Lightning because of the script which is pushed on chain. And your counterparty in the channel will probably eventually close the channel if you stay unresponsive for a too long time. So then they could use this information to follow your way through Lightning if they operate Lightning nodes like explained above.

Another disadvantage is of course that you will pay more fees with Lightning in this case, because you can't simply re-use the channel to "un-KYC" other coins.

On the other hand, Monero is 1) less secure and 2) more volatile, so there are also some risks.

Some more info: https://www.voltage.cloud/blog/lightning-network-privacy-explainer

[Revoltec13]

Well let's compare what both solutions do exactly:

- Monero creates ring signatures. This can be compared to big transactions with many senders and recipients (with some "fake addresses", i.e. existing addresses which in reality are not sending nor receiving anything mixed in afaik), and obfuscated amounts and receiver addresses. So while there are techniques which can identify senders if the user is careless, the exact transaction is very difficult to reconstruct.

- In Lightning, you would create a channel with the coins you want to "un-KYC", then transfer the coins via Lightning to another address, and close the channel (not mandatory). There is no on-chain connection between both addresses, but in the case a chain analysis company operates a Lightning node and you happen to route through it, then it could detect you. Via onion routing this is prevented a bit but it's not perfect.

In my (advanced but not expert!) opinion, in both cases the privacy is not 100% perfect, but you're private if you do several transactions but spaced out a bit and using several addresses. The likelihood that someone is able to analyze your transaction pattern decreases with every transaction.

Lightning has however a slight disadvantage: if the channel is closed, then chain analysis companies will know that you used Lightning because of the script which is pushed on chain. And your counterparty in the channel will probably eventually close the channel if you stay unresponsive for a too long time. So then they could use this information to follow your way through Lightning if they operate Lightning nodes like explained above.

Another disadvantage is of course that you will pay more fees with Lightning in this case, because you can't simply re-use the channel to "un-KYC" other coins.

On the other hand, Monero is 1) less secure and 2) more volatile, so there are also some risks.

Some more info: https://www.voltage.cloud/blog/lightning-network-privacy-explainer

Would it be better solution to use a bridge between different crypto currencies?

[d5000]

Would it be better solution to use a bridge between different crypto currencies?

I would be careful with "bridges", as most of them are partly centralized, and this is of course not good for privacy (neither too secure). You can never be sure one of these "bridge platform" custodians runs analytics software. And many of them make it possible to follow the "tracks".

IMO both Monero and Lightning offer both good privacy if you use them well. Use several transactions with different amounts with Monero or use several channels, also playing with amounts, if you want to do it via Lightning. And in both cases never deposit the "KYCed" and the "un-KYCed" coins on the same exchange or centralized wallet platform, nor use the same HD wallet (e.g. Electrum) for them. If you use HD wallets create two wallet files, one for KYCed and one for non-KYCed coins, connect both via Tor, and never connect them simultaneously.

I think if I had only basic technologic knowledge I would go for the Monero approach, of course also other privacy coins work (e.g. Grin).

Another technique to improve privacy are atomic swaps, i.e. trading one crypto for another one decentrally. Be aware that there are various techniques, only the technique with adaptor signatures improves privacy. A quite good option is: Atomic swap Bitcoin -> Monero, split the coins with XMR to variuos different accounts -> Atomic swap back to Bitcoin, but to different wallets, and never re-using any address in the process.

You can also use private exchanges, like those suggested in kycnot.me, at least for one of the Bitcoin <-> privacy coin exchanges.

[ABCbits]

Depending on what exactly you mean by "Un-KYC", CoinJoin or mixer may works for your use case. But,
1. It's easy to detect CoinJoin TX, where some centralized exchange/service doesn't accept coinjoined Bitcoin.
2. You need to trust mixer.
3. Some mixer give you "tainted" Bitcoin, which also not accepted by centralized/service.

You can also use private exchanges, like those suggested in kycnot.me, at least for one of the Bitcoin <-> privacy coin exchanges.

Just don't forget you still need to trust many of the listed exchange and the fact they usually have worse fee/exchange rate.

[Revoltec13]

Would it be better solution to use a bridge between different crypto currencies?

I would be careful with "bridges", as most of them are partly centralized, and this is of course not good for privacy (neither too secure). You can never be sure one of these "bridge platform" custodians runs analytics software. And many of them make it possible to follow the "tracks".

IMO both Monero and Lightning offer both good privacy if you use them well. Use several transactions with different amounts with Monero or use several channels, also playing with amounts, if you want to do it via Lightning. And in both cases never deposit the "KYCed" and the "un-KYCed" coins on the same exchange or centralized wallet platform, nor use the same HD wallet (e.g. Electrum) for them. If you use HD wallets create two wallet files, one for KYCed and one for non-KYCed coins, connect both via Tor, and never connect them simultaneously.

I think if I had only basic technologic knowledge I would go for the Monero approach, of course also other privacy coins work (e.g. Grin).

Another technique to improve privacy are atomic swaps, i.e. trading one crypto for another one decentrally. Be aware that there are various techniques, only the technique with adaptor signatures improves privacy. A quite good option is: Atomic swap Bitcoin -> Monero, split the coins with XMR to variuos different accounts -> Atomic swap back to Bitcoin, but to different wallets, and never re-using any address in the process.

You can also use private exchanges, like those suggested in kycnot.me, at least for one of the Bitcoin <-> privacy coin exchanges.

I have done a bit more research and I'm thinking about avoiding Monero and mixers as it can give me problems with proof of source of funds later. Does anybody know if this is the same if you use atomic swaps but with other coins?

Does the atomic swap only work for Monero or does it also work with, for instance, USDT? That is, could I use atomic swap for BTC -> USDT -> BTC and still succeed to un-KYC my coins? Would this approach still create problems for future proof of source of funds?

[Synchronice]

I think if I had only basic technologic knowledge I would go for the Monero approach, of course also other privacy coins work (e.g. Grin).

To my mind, it's not a good idea to use Grin because first of all, its CMC is 2.5 million (nothing) and daily trading volume is very low, a few thousand dollars. Also, compared to Monero, it's harder to exchange Grin.

P.S. I also think that when we talk about Privacy, not only transaction methods matter but we have to keep in mind the timing and volume of transaction. You can't send $8K worth Monero and immediately receive $8k worth Bitcoins. You have to make multiple transactions at different times to make it impossible to get tracked.

[d5000]

I have done a bit more research and I'm thinking about avoiding Monero and mixers as it can give me problems with proof of source of funds later. Does anybody know if this is the same if you use atomic swaps but with other coins?

As far as I know you can technically always prove the source of funds if you keep all your transaction data, it doesn't matter if you use Monero or Lightning. If you use mixers, this may be different as there is a centralized intermediary. While they often provide a letter of guarantee signed by them which contains the deposit address and withdrawal address, an authority could distrust the certificate if they don't have a list of mixers.

Edit: See this guide to prove you made a transaction with Monero. You must do this with all intermediate transactions on the XMR network. With the atomic swap transactions you must do something similar but the exact approach may be a bit different with the incoming (BTC -> XMR) and outgoing (XMR -> BTC) swap, if you're interested in this approach I can investigate.

Does the atomic swap only work for Monero or does it also work with, for instance, USDT? That is, could I use atomic swap for BTC -> USDT -> BTC and still succeed to un-KYC my coins? Would this approach still create problems for future proof of source of funds?

Atomic swaps with adaptor signatures and other private techniques exist for several coins, but I don't know if there's a software solution to exchange directly to ERC20 tokens like USDT (or on another blockchain). But for your purpose, you should also be fine if you exchange BTC to ETH and then back to BTC. This approach for example works with Ethereum.

Take into account that it's common to re-use addresses in Ethereum, but you should do like you would do with Bitcoin-style coins and realize some transactions in ETH with different addresses ("accounts") before you change it back to BTC to maximize privacy.

To my mind, it's not a good idea to use Grin because first of all, its CMC is 2.5 million (nothing) and daily trading volume is very low, a few thousand dollars. Also, compared to Monero, it's harder to exchange Grin.

Yes, it's perhaps not ideal for beginners. However it's one of the few serious Monero competitors so I mentioned it.

MimbleWimble - the Grin approach to privacy - can also used with Litecoin through the MWEB function.

You have to make multiple transactions at different times to make it impossible to get tracked.

Exactly, this is very important in all techniques mentioned, I mentioned it also in one of my earlier posts.

[BlackHatCoiner]

If you have KYC coins, then usually, a more preferable approach is to sell them back to the exchange, and go buy from somewhere else no-KYC, like in Bisq. This would mark your account as "not having any bitcoin".

If that's not an option, then you need to mix your coins after you withdraw them from the exchange. Not that this does not "un-KYC" your coins completely, because "KYC" means "Know Your Customer", and the exchange knows that you withdrew them, and that you might have access to them.

[Revoltec13]

I have done a bit more research and I'm thinking about avoiding Monero and mixers as it can give me problems with proof of source of funds later. Does anybody know if this is the same if you use atomic swaps but with other coins?

As far as I know you can technically always prove the source of funds if you keep all your transaction data, it doesn't matter if you use Monero or Lightning. If you use mixers, this may be different as there is a centralized intermediary. While they often provide a letter of guarantee signed by them which contains the deposit address and withdrawal address, an authority could distrust the certificate if they don't have a list of mixers.

Edit: See this guide to prove you made a transaction with Monero. You must do this with all intermediate transactions on the XMR network. With the atomic swap transactions you must do something similar but the exact approach may be a bit different with the incoming (BTC -> XMR) and outgoing (XMR -> BTC) swap, if you're interested in this approach I can investigate.

Does the atomic swap only work for Monero or does it also work with, for instance, USDT? That is, could I use atomic swap for BTC -> USDT -> BTC and still succeed to un-KYC my coins? Would this approach still create problems for future proof of source of funds?

Atomic swaps with adaptor signatures and other private techniques exist for several coins, but I don't know if there's a software solution to exchange directly to ERC20 tokens like USDT (or on another blockchain). But for your purpose, you should also be fine if you exchange BTC to ETH and then back to BTC. This approach for example works with Ethereum.

Take into account that it's common to re-use addresses in Ethereum, but you should do like you would do with Bitcoin-style coins and realize some transactions in ETH with different addresses ("accounts") before you change it back to BTC to maximize privacy.

To my mind, it's not a good idea to use Grin because first of all, its CMC is 2.5 million (nothing) and daily trading volume is very low, a few thousand dollars. Also, compared to Monero, it's harder to exchange Grin.

Yes, it's perhaps not ideal for beginners. However it's one of the few serious Monero competitors so I mentioned it.

MimbleWimble - the Grin approach to privacy - can also used with Litecoin through the MWEB function.

You have to make multiple transactions at different times to make it impossible to get tracked.

Exactly, this is very important in all techniques mentioned, I mentioned it also in one of my earlier posts.

Thanks for the answers! Are there any negatives in using atomic swaps? It seems like the best possible solution(?). I cannot see any negatives and it does seem like it offers close to 100% privacy. Is there something that has not been mentioned regarding the privacy side?

I know that coinjoin was very popular before but now it is known that it can be easily flagged. Maybe it is harder to prove source of funds?

It seems like it cannot get flagged that easily as with coinjoin but maybe there are some other risks like getting tainted coins or actually ending up with coins that are investigated by LE? As it is only swapping the transaction history with anther person?

[d5000]

Are there any negatives in using atomic swaps? It seems like the best possible solution(?). I cannot see any negatives and it does seem like it offers close to 100% privacy.

There's indeed still an issue I forgot to mention and you already suspected: In all solutions where you exchange a Bitcoin UTXO for another one coming originally from another person, e.g. CoinJoins and also atomic swaps, you could actually end up with coins from a doubtful source.

If your route is BTC -> XMR -> BTC then the obvious problematic step is the XMR -> BTC part. If you already did some transactions with XMR to obfuscate the amount, maybe for this step it is actually advisable to use a trustable non-KYC exchange (see link in my first post for several options). Or, if you know how to do it, check the Bitcoin UTXO's provenance (but be careful to not expose your privacy in this step, as chain analysis tools can check the IP addresses from those querying an UTXO ...).

Another possible negative for atomic swaps is that it can be difficult to find an exchange partner. https://kycnot.me has some platforms for atomic swaps too.

I know that coinjoin was very popular before but now it is known that it can be easily flagged. Maybe it is harder to prove source of funds?

In CoinJoins it is easy to prove source of funds: simply prove you own all addresses involved (sender and those recipients who receive your coins).

In atomic swaps you should always be able to prove the source of funds as long as you keep stored all data involved, i.e. all addresses, private/public keys, amounts and transactions IDs, however I don't know the exact procedure in the case of atomic swaps with adaptor signatures. You can easily prove that you sent an amount and received an amount on the target blockchain. But I don't know how you do the "connection" here, apart from the amount itself (which can be variable due to the exchange rate).

[Revoltec13]

Are there any negatives in using atomic swaps? It seems like the best possible solution(?). I cannot see any negatives and it does seem like it offers close to 100% privacy.

There's indeed still an issue I forgot to mention and you already suspected: In all solutions where you exchange a Bitcoin UTXO for another one coming originally from another person, e.g. CoinJoins and also atomic swaps, you could actually end up with coins from a doubtful source.

If your route is BTC -> XMR -> BTC then the obvious problematic step is the XMR -> BTC part. If you already did some transactions with XMR to obfuscate the amount, maybe for this step it is actually advisable to use a trustable non-KYC exchange (see link in my first post for several options). Or, if you know how to do it, check the Bitcoin UTXO's provenance (but be careful to not expose your privacy in this step, as chain analysis tools can check the IP addresses from those querying an UTXO ...).

Another possible negative for atomic swaps is that it can be difficult to find an exchange partner. https://kycnot.me has some platforms for atomic swaps too.

I know that coinjoin was very popular before but now it is known that it can be easily flagged. Maybe it is harder to prove source of funds?

In CoinJoins it is easy to prove source of funds: simply prove you own all addresses involved (sender and those recipients who receive your coins).

In atomic swaps you should always be able to prove the source of funds as long as you keep stored all data involved, i.e. all addresses, private/public keys, amounts and transactions IDs, however I don't know the exact procedure in the case of atomic swaps with adaptor signatures. You can easily prove that you sent an amount and received an amount on the target blockchain. But I don't know how you do the "connection" here, apart from the amount itself (which can be variable due to the exchange rate).

Is there a risk of ending up with tainted coins when you move back to the blockchain after using the lightning network?

[BlackHatCoiner]

Is there a risk of ending up with tainted coins when you move back to the blockchain after using the lightning network?

There's always a chance you end up with "tainted coins" when dealing with entities who discriminate you based on inaccurate data. For example, if you deal with a CEX like Binance, it's very likely that you mix your coins, either through coinjoin, or lightning, and their chain analysis buddies find this suspicious, because they cannot track it. So just don't use them.

[Revoltec13]

Are there any downsides to coinjoin or is it as good as the other alternatives?

[d5000]

Is there a risk of ending up with tainted coins when you move back to the blockchain after using the lightning network?

It depends how you "move back to the blockchain".

You can deposit the coins to a lightning networking service provider or to an exchange which accepts BTCLN and can exchange it back to BTC. It depends on the nature of these providers if you are risk that they send "tainted coins" to you. Trusted exchanges and service providers normally don't do that but one can never be sure.

The other option is simply open a channel yourself to a Lightning node to cash out. In this case you may also end up with tainted coins: the node opening a channel with you may want to get rid of his tainted coins too.

The question is of course also what you want to do with the coins. If you want to eventually move them to cold storage (one can deduce that from your questions about sources of founds), then Lightning may not be the best option. But if you want to use the coins to buy things then I would simply deposit them to a Lightning channel and then use Lightning to make the payments.

Regarding CoinJoins, the main risk is that you end up with funds coming from few parties pretending to be many, which want to get rid of tainted coins too.

Yes, perfect privacy is really complicated on BTC ... but for basic privacy I would simply use, as I wrote before, a mix of various methods, and splitting your funds to lower amounts so if you end up in some of your movements with tainted coins it doesn't affect such a large percentage of your coins.

[Text]

Are there any downsides to coinjoin or is it as good as the other alternatives?

The main downside of CoinJoin is its susceptibility to detection. Since it's a widely known technique for improving privacy, many exchanges and chain analysis tools flag transactions that appear to have used CoinJoin. This can raise concerns if you're planning to use a centralized exchange or require clear provenance of funds later, as some platforms may see CoinJoin transactions as mixed or tainted even when you haven’t actually engaged in any illegal activity.

[d5000]

The main downside of CoinJoin is its susceptibility to detection. Since it's a widely known technique for improving privacy, many exchanges and chain analysis tools flag transactions that appear to have used CoinJoin. This can raise concerns if you're planning to use a centralized exchange or require clear provenance of funds later, as some platforms may see CoinJoin transactions as mixed or tainted even when you haven’t actually engaged in any illegal activity.

While it is true that the transaction may be flagged, as I wrote in an earlier post, if you participated in a CoinJoin you can prove that the funds you pay out to your addresses came from your own input and were paid to addresses you own.

So all you have to show the exchange is that you had access to the address corresponding to the key which sent the coins. For this purpose, for example you can sign a message with all private keys involved, give the exchange the public keys, and they can check that you have indeed sent these funds. And if there were dubious funds involved in this CoinJoin, you can prove they are different from the funds caming from your sending address.

For example, let's say we have a CoinJoin:

- Address A pays 1 BTC
- Address B pays 2 BTC
- Address C pays 1 BTC
- Address D pays 3 BTC

Now the CoinJoin pays to Address E-K 1 Bitcoin each. Address E and F are owned by the owner of Address B, addresses G, H and I by the owner of Address D, J by the owner of Address A and K by the owner of Address C.

Address A owner wants to prove their source of funds, because an exchange found out that the funds coming from addresses B and D came from hacks. So they sign a message with the private key from Address A and another one with the private key from Address J.

Of course this makes it possible for the exchange to match the chain of transactions before the CoinJoin with chain analysis results. But as far as I understood the OP, their purpose is to anonymize the coins "for the public" (for observers on the public blockchain) but always to be able to prove the chain the funds came from, when requested by an exchange or authority.

[Revoltec13]

The main downside of CoinJoin is its susceptibility to detection. Since it's a widely known technique for improving privacy, many exchanges and chain analysis tools flag transactions that appear to have used CoinJoin. This can raise concerns if you're planning to use a centralized exchange or require clear provenance of funds later, as some platforms may see CoinJoin transactions as mixed or tainted even when you haven’t actually engaged in any illegal activity.

While it is true that the transaction may be flagged, as I wrote in an earlier post, if you participated in a CoinJoin you can prove that the funds you pay out to your addresses came from your own input and were paid to addresses you own.

So all you have to show the exchange is that you had access to the address corresponding to the key which sent the coins. For this purpose, for example you can sign a message with all private keys involved, give the exchange the public keys, and they can check that you have indeed sent these funds. And if there were dubious funds involved in this CoinJoin, you can prove they are different from the funds caming from your sending address.

For example, let's say we have a CoinJoin:

- Address A pays 1 BTC
- Address B pays 2 BTC
- Address C pays 1 BTC
- Address D pays 3 BTC

Now the CoinJoin pays to Address E-K 1 Bitcoin each. Address E and F are owned by the owner of Address B, addresses G, H and I by the owner of Address D, J by the owner of Address A and K by the owner of Address C.

Address A owner wants to prove their source of funds, because an exchange found out that the funds coming from addresses B and D came from hacks. So they sign a message with the private key from Address A and another one with the private key from Address J.

Of course this makes it possible for the exchange to match the chain of transactions before the CoinJoin with chain analysis results. But as far as I understood the OP, their purpose is to anonymize the coins "for the public" (for observers on the public blockchain) but always to be able to prove the chain the funds came from, when requested by an exchange or authority.

If I use coinjoin like JoinMarket, does JoinMarket keep track of transactions or logs some other information regarding my transactions? Are the smart contracts public somewhere?

[Kruw]

If I use coinjoin like JoinMarket, does JoinMarket keep track of transactions or logs some other information regarding my transactions? Are the smart contracts public somewhere?

In a JoinMarket coinjoin, there are makers (who provide liquidity) and takers (who buy liquidity from them). These coinjoin transactions are all public on the blockchain, with a distinct footprint. Takers trust no one in JoinMarket. Makers leave a log of the movement of funds with the taker who pays for their liquidity.

[Revoltec13]

If I use coinjoin like JoinMarket, does JoinMarket keep track of transactions or logs some other information regarding my transactions? Are the smart contracts public somewhere?

In a JoinMarket coinjoin, there are makers (who provide liquidity) and takers (who buy liquidity from them). These coinjoin transactions are all public on the blockchain, with a distinct footprint. Takers trust no one in JoinMarket. Makers leave a log of the movement of funds with the taker who pays for their liquidity.

"Makers leave a lof of the movement of funds with the taker..." does this mean that there will be a history of transactions that the maker or JoinMarket will be able to see, and through them, keep records of how you mixed your coins? Is this true regardless of if the mixer is centralized/decentralized?