Bitcoin Privacy

TumbleBit is one of the latest developments in the land of Bitcoin privacy proposals, and it’s gaining a large amount of attention from those who understand the importance of fungibility in digital cash systems. This privacy enhancement essentially allows a user to send transactions through a tumbler without the possibility of having their funds stolen or the tumbler learning about the connection between the sender and the receiver.

This improvement can be implemented without any changes to the Bitcoin protocol, which has some wondering how well Bitcoin will soon be able to compete against the more privacy-focused altcoins such as Monero and Zcash.

“Our goal with TumbleBit is providing privacy to the large numbers of people who use Bitcoin,” TumbleBit co-author Ethan Heilman told CoinJournal.

CoinJournal reached out to Heilman, Monero developer Riccardo Spagni, and Blockstream Mathematician Andrew Poelstra to get their thoughts on how TumbleBit compares with Monero and Zcash.

TumbleBit Compared to Monero

Monero is a cryptocurrency based on the CryptoNote protocol. Ring signatures and stealth addresses are used to protect the privacy and anonymity of Monero users. The alternative cryptocurrency recently gained a bit of attention after it was integrated into a couple of darknet marketplaces.

“Monero is a separate blockchain from bitcoin, and it achieves its privacy by making spends ambiguous as to what coins are actually being spent,” explained Poelstra. “This requires that people be running Monero and using Monero coins to use this and that everyone using the system has to validate the blockchain, which grows much faster than say Bitcoin because of its scaling features.”

When ask for his thoughts on TumbleBit, Spagni told CoinJournal, “Principally it seems fine, but practically it’s no better than a tumbler — if the tumbler was magically not going to steal your funds or leak metadata.”

“Privacy is useless unless it’s enforced in the protocol,” Spagni added. “Dash is an excellent example. There is so little usage of the privacy stuff that they’ve had to use their MasterNode budget to pay ‘liquidity providers’ to provide mixing liquidity. And if there happens to be tons of mixing liquidity, great, but how much of the mixing liquidity is untainted and not Sybil attacked?”

Poelstra explained that the need for a central server prevents TumbleBit from being implemented at the protocol level. “[Servers] are a single point of failure. They can be ephemeral and no funds are at risk, so it’s not a problem, but it makes it hard to integrate with a blockchain, which is forever.”

“In general, privacy mechanisms are much, much stronger if their use can be enforced, but I don’t really see a way to do that [with TumbleBit],” Poelstra added.

Implementing anonymization and privacy features in a cryptocurrency at the base protocol level, like Monero does, is generally better because it means everyone a user mixes their transactions with is mixing all of their other transactions as well.

TumbleBit Compared to Zcash

Zcash is the culmination of many years of work on the creation of a truly anonymous digital cash system. Based on the work in the Zerocoin and Zerocash white papers, Zcash is described as following in the company’s FAQ:

“Zcash is an open source, decentralized cryptocurrency, with system-wide privacy. Zcash uses advanced cryptographic techniques to ensures the maximum possible privacy for transactions conducted within the network.”

Zcash is said to provide the highest level of anonymity possible when compared to other systems, but there are also some drawbacks. “The privacy from Zcash would be a bit stronger because your anonymity set is all coins in the system vs TumbleBit, where it’s all coins in this round [of mixing],” said Poelstra. “But Zcash is much, much slower, it requires new crypto assumptions, and it’s still got that trusted setup. Though, my understanding is the Zcash folks have a tractable way to do the trusted setup in a multiparty way.”

When asked for his opinion on the matter, Zcash Advisor Andrew Miller agreed with the tradeoffs mentioned by Poelstra. “Zcash still has the advantage of a larger anonymity set after only one transaction,” said Miller. “You might also compare Bolt with TumbleBit in ‘lightning network’ mode. It’s cool that TumbleBit supports that. Bolt is like a lightning network channel for Zcash, the privacy is better here too, but I think it requires a modification to Zcash relative to the 1.0 plans.”

Both Miller and Poelstra pointed out that TumbleBit requires someone to put up the liquidity required to act as a tumbler, which is a potential downside of that option.

Although Heilman agreed that Zcash provides stronger anonymity than TumbleBit’s payment hub, he also pointed to the trusted setup as an issue for that project.

Tradeoffs Between Privacy Options

One of the key themes of the debate between the levels of privacy found on various blockchains is that there are usually going to be tradeoffs. Heilman explained:

“This gets to an essential question in blockchain design: What is the correct balance between building the features we want into the blockchain itself but increasing the complexity of consensus critical code or keeping the consensus critical code simple by building those features into the payment channel network layer instead?”

“Zcash and Monero are both excellent projects; however they aren’t Bitcoin compatible, and their anonymity mechanisms increase the consensus complexity of their blockchains,” Heilman added.

Privacy is an essential aspect of any currency to maintain fungibility, and there will undoubtedly be many more privacy improvement proposals that alter what’s possible with digital cash systems in the future — including Monero and Zcash sidechains, which would essentially allow users to access to the features of those blockchains without the need to create a new altcoin (bitcoin would be used).

For now, users are going to have to think about their own needs and come to their own conclusions on which systems suit their needs.

Miller was able to sum up the general feeling of those who are working on improving privacy in cryptocurrencies when he said, “Overall, I’m mostly just excited that there’s so much activity in this space now. I like Monero and CoinShuffle a lot too.”

Find out how TumbleBit compares to other Bitcoin-specific privacy solutions, such as CoinJoin and CoinShuffle, in part 2