Thursday, September 6, 2018

Battle of the Privacycoins: Why Dash Is Not Really That Private


Based on blockchain technology, most cryptocurrencies have an open and public ledger. While this is required for these systems to work, it comes with a significant downside: Privacy is often quite limited. Government agencies, analytics companies and other interested parties — let's call them "spies" — have ways to analyze the public blockchains and peer-to-peer networks of cryptocurrencies like Bitcoin, to cluster addresses and tie them to IP addresses or other identifying information.

Unsatisfied with Bitcoin's privacy features, several cryptocurrency projects have, over the years, launched with the specific goal to improve on them. And not without success. Several of these privacycoins are among the most popular cryptocurrencies on the market today.

However, as detailed in this month's cover story, Bitcoin's privacy features have recently seen significant improvements as well and are set to further improve over the next months and years. This miniseries will compare different privacycoins to the privacy offered by Bitcoin.

In part one: Dash.

Background

Dash (DASH) is among the most popular but also the more controversial cryptocurrencies in the space today.

Originally a codebase fork from Litecoin (which is in turn a codebase fork of Bitcoin), Dash was launched by its founder Evan Duffield in January 2014 as Xcoin. The project was quickly rebranded to Darkcoin, seemingly in reference to Dark Wallet, a now-defunct, privacy-focused bitcoin wallet project. Darkcoin rebranded a second time in early 2015, to the current name Dash, which stands for "digital cash." At the time of writing, Dash claims a 12th spot on the cryptocurrency market cap lists, down from a top five spot for some time in early 2017.

Much of the controversy surrounding Dash stems from the early days of the project. While the coin was not premined, it was instamined. As the cryptocurrency went live, miners created 2 million coins in a matter of days. That is quite a significant amount, given a total projected supply currently scheduled at 22 million and some 8 million coins in circulation today. According to Duffield, himself one of the early miners, the instamine was an accident. But instead of fixing the problem — for example, by changing the protocol rules or relaunching — it was decided that the coin would continue despite the instamine.

Since then, Dash has turned into (what it calls) a decentralized autonomous organization, or DAO, and prides itself on being the first successful example of such an organization. The DAO centers around Dash "masternodes" — Dash nodes that stake (prove ownership of) at least 1000 DASH — which should help the network in certain ways, for instance by confirming "instant transactions." In return, these masternodes receive 45 percent of newly generated DASH.

Another 10 percent of every block reward is reserved for the Dash treasury. What happens with these funds is decided by the masternodes by vote. In practice, this money funds the Dash Core Group, effectively the company behind Dash, today headed by CEO Ryan Taylor.

Additionally, this part of the block reward funds various forms of promotion of Dash but also some external projects, including Arizona State University's Blockchain Research Laboratory, a legal cannabis industry payments platform, and several initiatives in emerging markets.

While once specifically marketed as a privacycoin, in recent years Dash did shift the focus of its pitch. Although privacy is still prominently featured on the Dash website and promotional material, it also emphasizes ease of use and low costs, apparently geared toward mainstream adoption. As a particularly notable deviation from its privacy-focused past, Dash even established a partnership with blockchain analytics company Coinfirm. While details about this partnership and the implications of it remain somewhat unclear, it's not hard to see how this partnership is an odd fit for a coin previously known as Darkcoin.

Which brings us to these privacy features.

Privacy

Dash actually offers one particular privacy feature called Private Send. The Private Send feature is conveniently offered in a drop-down menu of the Dash Core full node client and in other Dash wallets.

Private Send is really an implementation of CoinJoin, the privacy solution first proposed for Bitcoin by Bitcoin Core developer Gregory Maxwell. In Private Send, three users add their coins together in one big transaction that sends the coins to freshly generated addresses belonging to the same three users. As such, the coins are effectively mixed between the three participants, breaking the blockchain trail of ownership between them. This process can be automatically repeated up to eight times, with (hopefully) different mixing participants, for extra privacy.

Like any CoinJoin solution, Private Send does require someone to construct the CoinJoin transaction. This is done using Dash's masternode system. Dash users that wish to mix their coins contact a random masternode, which then collects the coins from the different users, and mashes them together in the CoinJoin transaction. It's important to note that the masternode cannot steal the coins.

However, it does mean that Dash users must trust the masternodes with their privacy. After all, the mixing masternodes can link the sending and receiving addresses together; they know exactly which coins are going where. If these masternodes are run by spies or share their information with spies (on purpose or by accident), the Dash users gain less than nothing: They don't have privacy, while revealing that they would have liked to have privacy.

Granted, if a Dash user mixes his coins more than once, the odds should decrease that all mixing masternodes leak this information. However, to optimize uptime (and collect block rewards), many masternodes may well be run from virtual private servers that could be compromised relatively easily in one go, for example by government-sponsored spies. Further, many masternodes could be controlled by the same people (keep in mind that some 25 percent of all coins were mined in the first week), which means switching between them might not even help that much.

It's also worth noting that Private Send does require users to take the specific step of mixing, which in turn requires time, effort and comes with a (modest) fee. As such, only users who care about privacy are likely to partake in the mixing process; users who feel they have nothing to hide will not. This has the potential downside that mixing itself could be considered suspect. And while the trail of ownership is broken on the blockchain, the history of mixing is still visible.

Bitcoin

But perhaps most importantly, CoinJoin is not really unique. The technology was not only first proposed on Bitcoin, it is also available on Bitcoin. The most notable and powerful CoinJoin solution available today is Chaumian CoinJoin, which is embedded in the ZeroLink framework, which is, in turn, implemented in the Wasabi Wallet as well as the Bob Wallet and announced for Samourai Wallet.

Similar to Private Send, ZeroLink lets users add their coins together in one big transaction, which sends all these coins to freshly generated addresses belonging to the same users. But importantly, and unlike Private Send, the mixer is in this case unable to link the sending and receiving addresses. Clever cryptography helps break the link, without needing to trust anyone.
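Chaumian CoinJoin takes its name from Chaum's blind signatures. The sketch below is an added example, not code from the original article or from ZeroLink or any wallet: it uses textbook RSA blinding with a toy key to show why a coordinator that registers inputs and later accepts outputs cannot match one to the other. The key, the address labels and all function names are constructed for illustration, and RSA stands in for whatever blind-signature scheme a real implementation uses.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the coordinator (constructed: two Mersenne primes, not secure).
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # coordinator's private exponent

def h(address: str) -> int:
    """Map an output address to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(address.encode()).digest(), "big") % N

def blind(address: str):
    """User side: hide the output address behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(address) * pow(r, E, N)) % N, r

def sign_blinded(blinded: int) -> int:
    """Coordinator side: sign a value without learning what it commits to."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r to obtain an ordinary signature on the address."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(address: str, sig: int) -> bool:
    """Coordinator side: accept an output only if it carries a valid signature."""
    return pow(sig, E, N) == h(address)

def run_round(users):
    """users: list of (input, fresh_output). Returns what the coordinator sees."""
    seen_at_input = {}  # input -> blinded value, learned at identified registration
    tokens = []
    for inp, out in users:
        blinded, r = blind(out)
        seen_at_input[inp] = blinded
        tokens.append((out, unblind(sign_blinded(blinded), r)))
    # Outputs are submitted later over fresh connections, in no particular order.
    secrets.SystemRandom().shuffle(tokens)
    accepted = [out for out, sig in tokens if verify(out, sig)]
    return seen_at_input, accepted
```

The coordinator's records hold an input next to a random-looking blinded value, and separately a set of outputs with valid signatures. A Private Send masternode, by contrast, receives each user's inputs and outputs together.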

While Dash does, with its GUI, offer a more user-friendly CoinJoin solution at this point in time, the privacy guarantees are weaker than on Bitcoin — never mind serious contenders like Monero or Zcash. Needless to say, for a cryptocurrency that is, or at least was, promoted as a privacycoin, this is quite disappointing.

Or as Maxwell — whose very own CoinJoin invention is used for Private Send — once described Dash's privacy features: LOL.


This article originally appeared on Bitcoin Magazine.
