Maximizing Privacy on a Transparent Blockchain Like EarthBucks (and Bitcoin Cash)
My goal is to make sure that EarthBucks mimics the properties of physical cash closely, including a high degree of privacy. No one can just look up how much physical cash you have in a database somewhere, and likewise, no one should be able to look up how much EBX you have on a website somewhere. In this article I will sketch out privacy tactics that are already employed in EarthBucks and additional privacy tactics I plan to add with time.
I will argue that at a large scale, EarthBucks is just as private as the privacy-focused blockchains like Monero and zCash, even though the blockchain is transparent.
Do Not Re-Use Addresses
Bitcoin invented the notion of using the hash of a public key as an address (called a “pub key hash”), which has been widely copied by every alternate cryptocurrency since Bitcoin was launched. However, EarthBucks adds an important privacy layer to addresses because users do not use pub key hash addresses directly.
Under the hood, EarthBucks uses pub key hash addresses exactly like Bitcoin. Transaction outputs include the hash of a public key, and inputs include the public key itself and a signature. However, users do not make payments to a pub key hash. Instead, at the application layer, users use an “EBX Address” which looks just like an email address. This user-friendly address format is not stored on the blockchain. Instead, it is used to query a new pub key hash off-chain which is then put on the blockchain. This makes it natural and automatic to never re-use pub key hashes.
On other blockchains, it is common for users to re-use the same pub key hash address over and over again for convenience. This “one address” approach is naturally supported by most exchanges and wallets. This approach is terrible for privacy, because anyone can look up the balance of your address on a transparent blockchain. But because users are given the burden of generating new addresses, the cumbersome UX prevents most users from bothering to do so, thus losing nearly all privacy!
Not only is address re-use bad for that user, but it also harms all users who transact with someone who re-uses an address. If you simply receive multiple transactions from the same party, all of your transactions are now connected to a single identity, which leaks private information about your transactions. Address re-use is bad for the users who do it and for all users who transact with someone who does it! You should never re-use addresses.
The EBX solution, which doesn’t require any advanced technologies under the hood, completely solves this issue at the UX layer by using an off-chain address that has no connection to the underlying transactions. And each transaction uses a different pub key hash address. This is by far the most important privacy technique possible. No one can just look up your balance on the blockchain! To discover your balance, you would have to leak information that is not naturally leakable from the wallet software.
Do Not Merge Outputs
Cementing the policy of “do not re-use addresses” is the most important privacy tactic on a transparent blockchain, and it is already in place on EarthBucks. However, there are additional tactics we can deploy that not only prevent someone from casually looking up your balance, but also prevent someone from doing advanced data analysis of the blockchain to do so.
The next most important tactic is sometimes called “merge avoidance”, described by Mike Hearn in his 2013 blog post. The common way to make payments on Bitcoin and, as of today, EarthBucks as well, is to create one transaction for each payment that you send to someone. That’s fine if the transaction only needs one input. But suppose the user does not have any unspent outputs (UTXOs) to make this transaction. Then the user will have to build a transaction that “merges” multiple UTXOs together, which publicly reveals on the blockchain that the same person must control all of those UTXOs. Even if you have previously never re-used addresses, by merging UTXOs, you leak this information when you build a transaction.
The solution to this problem is to avoid merging UTXOs. Instead, you should build multiple transactions that each include one of your UTXOs. If you need to send 10 EBX, and you have 10 outputs of 1 EBX each, then you build 10 separate transactions and send all of them to new addresses of the recipient.
This strategy of merge avoidance would be nearly impossible on any blockchain where using a pub key hash address is standard, because the recipient would have to handle over 10 pub key hash addresses and the sender would have to somehow build 10 separate transactions with one input each to make this payment. That would be extremely cumbersome, which of course almost no one bothers to do. However, on EarthBucks, the EBX address, which is in the form of a domain name and includes a server address which can be queried with an API, makes it straightforward for every payment to query as many pub key hash addresses from the recipient as necessary to make many separate transactions.
Merge avoidance has not yet been implemented in EarthBucks. However, that is the next major privacy feature I plan to implement in the next version of the Pay protocol. The way the user builds a payment will be unchanged. However, under the hood, what will happen is that multiple new pub key hash addresses are received from the recipient for each payment. The sender will build many separate transactions, each with one input and one output, and send them to the recipient. The payment is thus split up into many separate parts that are not cryptographically linked on the blockchain, making it impossible for anyone analyzing the blockchain to know that these payments are linked.
Building a Giant Haystack
Finding your transaction on the blockchain is like finding a needle in a haystack. If there is no haystack, then your needle is plainly obvious. If it’s a big haystack, then finding your needle is difficult. If the haystack is giant, like the size of Planet Earth, then finding your needle is nearly impossible.
The goal of EarthBucks is to build a haystack so large that all ordinary payments are simply hidden by the vast number of transactions on the blockchain. The more users who use EarthBucks, and the more transactions they individually create, the more private is the entire system.
Obviously, this is quite a different philosophy than Bitcoin and a handful of other “small-block” blockchains like Litecoin. They do not plan to increase the size of the blockchain in this manner. But on EarthBucks, the maximum block size is unbounded. I want the size of blocks to grow without bound, forever, thus ever-increasing the difficulty of finding your needle in the haystack, and improving privacy for all users.
Bitcoin Cash and Other Blockchains
I plan to integrate a self-custodial Bitcoin Cash wallet into EBXOTC, the exchange for EarthBucks. After Bitcoin Cash, I will also add support for other blockchains. Because my ideas for no key re-use and merge avoidance work for any transparent blockchain, these same techniques will work for the EBXOTC wallet and all other polycoin wallets that are created with the EBX philosophy. The EBXOTC Bitcoin Cash wallet will be the most private existing BCH wallet! The same will apply to all other cryptocurrencies added to EBXOTC, and other EBX protocol-supporting wallets.
Conclusion
EarthBucks is designed to be as private as physical cash. The most important tactic for privacy is already in place: do not re-use addresses. The next most important tactic is merge avoidance, which will be implemented in the next version of the Pay protocol. The goal is to build a giant haystack of transactions that makes finding your needle nearly impossible. This is a different philosophy than most other blockchains, but it is the right philosophy for a blockchain that is designed to be used by the entire world for all transactions. The more users who use EarthBucks, the more private it becomes. EarthBucks is designed to be the most private blockchain in the world.