Officially launched on October 31, 2018, the 10th anniversary of Satoshi Nakamoto’s white paper, Wasabi Wallet is an open source, non-custodial, privacy focused Bitcoin wallet, which implements the technology known as Chaumian CoinJoin, a trustless coin shuffling with mathematically provable anonymity.
Its anonymity features rely on ZeroLink, a protocol initially introduced by Ádám Ficsór aka nopara73, who is also the creator and one of the key figures behind Wasabi Wallet. Ficsór unveiled Wasabi at Building on Bitcoin 2018 in Lisbon, an industry conference dedicated to Bitcoin technical developments, explaining that it is a new implementation of the project formerly known as HiddenWallet.
Video: Wasabi Wallet presentation at Building on Bitcoin 2018 (starting from 17:00)
However, as Ficsór explained during his talk, Wasabi Wallet is way more than just a rebrand of HiddenWallet; in fact, it has been rewritten from scratch to add a whole bunch of new features, including default Tor support and the ability to sync to the blockchain without leaking data which is the case with most of light wallets.
“This is the only truly light wallet that is already deployed and that does not fail against network analysis, thus protects your privacy against network observers. We achieve this by implementing a BIP157–158,” wrote Ádám Ficsór in a blog post in July of this year.
To put it simple, Wasabi Wallet prevents “spies” such as blockchain analytics companies from tracking Bitcoin transactions by mixing one user’s coins with other users’ coins, thus ensuring users’ privacy.
Notably, on the wallet’s launch day, October 31, Ádám Ficsór initiated the largest CoinJoin transaction in the entire history of the flagship cryptocurrency, which involved 34.30709811 BTC.
The largest CoinJoin in the history of Bitcoin has just been created. Exactly 10 years after its whitepaper. Beautiful!https://t.co/DaTXrey12h
— nopara73 (@nopara73) October 31, 2018
ForkLog had an opportunity to talk to Ádám Ficsór as well as Gergely Hajdu and Balint Harmat, two other co-founders of zkSNACKs, the Gibraltar-based technology startup behind Wasabi Wallet. We discussed a number of issues, including technical aspects of Wasabi Wallet’s latest release, the importance of privacy in today’s world in and Bitcoin fungibility, as well as future plans of the team.
ForkLog: Recently, you announced the Wasabi Wallet 1.0.2 release with what you call “countless improvements to CoinJoins.” Will you tell more about the release and what it brings to users?
Balint Harmat: With this release we wanted to enhance the user experience for the CoinJoin based on the feedbacks from the users. Just to mention the major enhancements:
- Adjust the minimum denomination in order to be able to coinjoin again the output of the previous round without merging UTXOs: with this improvement users are able to involve their CoinJoin-ed coins in the next round, so they can further increase the coin’s anonymity set.
- Successful rounds are shown instead of just a round: in the previous release the round ID calculated all the rounds whether it was successful or not. This led to misunderstanding from the users.
- Round failure is now graphically displayed: when a CoinJoin goes through the 4 stages (registration, connection, output registration, signing) there are 4 circles indicating the stages respectively. In this release if a certain stage fails, the corresponding circle changes to red.
- Coin selection improvement: there is a possibility now to select or deselect all, private, or non-private coins to enqueue them to a CoinJoin.
- Banned coin status: If a user fails to sign the CoinJoin (or interrupt in any other way) the coins are being banned. This is now shown in the coins’ history.
The above improvements are only the most noticeable ones, the whole list can be found on the Github page:
nopara73: There are countless practical issues with making sure a few dozen people are cooperating seamlessly over Tor at the exact same time. We have identified many and acted upon them. From the feedback it seems like the user experience improved significantly with coinjoins. That being said, there were no protocol changes or crypto changes, this release was all about optimizations and UX.
ForkLog: Overall, what makes Wasabi special compared to other privacy-focused wallets? What are the main advantages?
Balint Harmat: The main distinction of Wasabi Wallet is its CoinJoin feature, that allows its users to join their coins in one transaction. On the other hand, besides the CoinJoin feature there are numerous other built-in features that come default with Wasabi:
- Advanced coin control features
- Built-in Tor
- Light wallet without failing to network analysis
- ZeroLink: The Bitcoin Fungibility Framework
We usually say as an ordinary wallet it offers so much additional benefits compared to any other wallets, that it’s worth to use even if someone does not use the CoinJoin feature.
nopara73: As for the blockchain level privacy, there are also JoinMarket, Stratis’ Breeze Wallet and Bob Wallet.
Like Wasabi, JoinMarket also uses CoinJoin, however this is a different kind of animal. In fact, CoinShuffle, TumbleBit or other round based mixing techniques are better comparable to Wasabi’s Chaumian CoinJoin than JoinMarket. In a nutshell, Wasabi has higher anonymity set, but it comes with the cost of mixing speed.
Breeze is a TumbleBit implementation, it has similar user experience and characteristics to Wasabi’s Chaumian CoinJoin. I love the project and I worked on it myself. They have a kickass development team, the most experienced one I worked with so far, however my research on ZeroLink and Chaumian CoinJoin indicated that the latter approach is more performant and practical than TumbleBit’s Classic Tumbler mode.
Bob Wallet is using Chaumian CoinJoin just like Wasabi. I have been long planning to review their code, but has never done so, so I am not sure what to say about it.
On the network level, full nodes, full SPV nodes and Neutrino nodes are kings. Wasabi is the latter, JoinMarket is the former, it uses Bitcoin Core, and Breeze is a hybrid. Unfortunately, because of how they fetch addresses, all your addresses are connected together if you are using any light wallet, other than Wasabi, so there’s a food for thought there.
ForkLog: As of now Wasabi is available only for desktops (Windows, Linux and MacOS). Do you plan to make it available for Android and iOS users?
Gergely Hajdu: The mobile (both iOS and Android) version is absolutely among our future plans, but as far as we can see it now unfortunately not in the near future. There are several reasons behind this, but in general we think the mobile technology is just not mature enough for the technology Wasabi uses.
nopara73: The short answer is: not anytime soon. The longer one is that in theory, Wasabi could support smart phones. In practice, these platforms and their tools are not mature enough just yet. The concept of network analysis resistant smartphone wallets is not yet proven. If we would try to port Wasabi’s code today, the wallet would use too much storage space, battery and network. Another implementation issue comes from Wasabi’s reliance on Tor, which adds another layer of friction. On the desktop, we were able to work around nearly all of the reliability issues of the anonymity network, but the current state of Tor on mobile platforms may pose additional challenges.
However, technology is improving quickly, thus, timing has special importance in this matter.
I am personally also hoping that Samourai wallet will be ported to iOS and will provide both very strong network and blockchain level privacy by the time we consider this question, so we will not need to do the work ourselves, thus Bitcoin privacy will be just fine without the need for Wasabi on these platforms.
ForkLog: On your GitHub page, you mention a new BIP which aims to facilitate user experience regarding copy-paste addresses. Why do you think it was important to come up with such a proposal and will it eventually get a specific number?
nopara73: By today’s BIP standards, this is an insignificant BIP. We just had a well-defined issue and we thought instead of going ahead and implementing it, let’s formalize it first, so other wallet developers can benefit from it when they inevitably encounter this. That being said, this BIP is unconventional in a way that, this is the first BIP that wants to improve upon user experience and many people think Bitcoin has a long way to improve in that field. Thus it may be the best for Bitcoin if these kind of UX BIPs start surfacing and this BIP could be a stepping stone in that direction.
ForkLog: Critics paid attention to the fact that in order to get into the mixing queue, users have to possess at least 0.1 BTC. It was also reported that Wasabi’s CoinJoin feature requires users to wait until 100 users pool their bitcoins together to send out at once. All this is probably limiting people who still want transaction anonymity but with smaller amounts.
Balint Harmat: Until unequal input mixing is not implemented, there has to be a denomination level for the CoinJoin. At the moment this level is indeed 0.1 BTC however some users require greater, some lower denomination levels. This 0.1 BTC turned out so far to be a somewhat widely accepted value. In the future there might be different denomination levels, but as for now we would like to establish a good user base.
Originally the plan was to have an anonymity set of 100 (100 people in one round) but as long as the user base in not large enough this seems to be too high. After the launch of the 1.0 version we lowered this level to 49 so the rounds can go quicker. It has been working for a while, but we suffered a DoS attack so the anonymity set needed to be further lowered. At the moment it is at 41, so this number of people is needed for a CoinJoin to happen. With this there are around 10-20 round a day which means almost a round every hour.
Gergely Hajdu: In order to keep the users happy and provide a good user experience, the rounds should happen continuously. As we see that the number of rounds per day are growing, we are going to increase the anonymity set accordingly. We hope we can reach the desired 100 soon.
nopara73: This is a reasonable criticism. We may provide near perfect anonymity, but not without convenience cost. This is one of the reason why we need to concentrate on UX much more than other Bitcoin wallets, to balance this out.
For the record, we do not have 100 users pool yet, it is 41 at the moment.
One possible solution is to add some kind of amount blinding to Bitcoin, like Confidential Transactions. Another one that does not require consensus change is something I have been long researching: Unequal Input Mixing. This will eventually get into Wasabi, but there are still many things to do in regards of researching this topic. I must credit some Wasabi users Mark Rex and nothingmuch who have been incredibly useful advancing this topic. I hope soon I will have the time to organize and incorporate their ideas in my mental models.
ForkLog: Recently there were issues with Tor connectivity which also affected Wasabi Wallet. However, you insist that you have ideas how to hack this around. Can you share these ideas and what else can be done to avoid such situations in future?
nopara73: In the big scheme of things, this is not a big deal. This just means a Wasabi uptime failure 2-7 hours a month. Nevertheless we will fix it. The issue was that sometimes the user’s Tor Guard does not work properly. For some reason it doesn’t see the whole Onion network. It would be great if Tor would fix this issue, but they said they cannot do anything about it. This is the reliability cost of using an anonymity network.
Since you asked for the nuts and bolts, we have three possible solution in mind:
- We can set up another hidden service and fall back to that. This of course comes with the risk that the Guard will not see our hidden service either.
- We can expose a clearnet address and query it over Tor. An exit node will always be found by any Guard, thus uptime would be guaranteed. Interestingly and unfortunately, most of the criticism of the Tor network only applies when you end up using exit nodes, but the Tor uptime issue only happens once or twice a month, so maybe I’m too paranoid in this regard.
- The third option is the most complicated one. We could use a Tor bridge when this happens. This would result in a Guard change. This seems to be the best approach privacy wise, because the coordinator would not be able to tell what address the user is querying, which may or may not matter. This of course comes with the same issue as the first one, that the client does not get a new Guard, or the new Guard will not see our hidden service either. This would also introduce more friction, which is a reliability problem. Attempting to solve a reliability issue with introducing another one may not be a good idea.
ForkLog: What is the situation with your company’s financing? Do you still rely on self-financing and donations?
Balint Harmat: Luckily we are already generating revenues from the date of the launch. Unfortunately though this is not yet enough to maintain the whole staff and to spend for other necessary stuff (administration, distribution, education, server, etc.) to break even.
So yes, we are still self-financing ourselves. We have applied for the CoinJoin bounty which would be a huge financial help if we can win that, but we did not get a reply yet.
Gergely Hajdu: On the other hand we are also open for angel or venture capital investors.
nopara73: Hopefully our income will soon the salary of our developers and we can avoid living under a bridge. That would be unfortunate, because we may have Internet issues there.
ForkLog: Will there be any additional ways of monetizing Wasabi Wallet besides the mixing fees?
Balint Harmat: It is a bit early to think about this, but certainly there are other ways too.
One thing that came already to our mind is to provide this service on an institutional level somehow. This would need further research and obviously funding as well. But since this could also be a huge market and would contribute to Bitcoin acceptance on a larger basis, we have to keep it in mind.
We definitely do not want to implement immature technologies into the wallet that may ruin the users’ privacy or can even destabilize the software.
Interestingly enough, Ádám Ficsór was more categorical on this, with his answer being a simple “No.”
ForkLog: Bitcoin is the biggest and most respectable peer-to-peer network [hopefully that won’t change], with the growing number of traders and institutions being involved. With so much attention to the industry from the regulators, can’t privacy by default hurt their interests? If total privacy for Bitcoin is implemented, won’t this halt mass adoption? In the end, there are always privacy-focused alternatives like Monero for those who want anonymity by default.
Balint Harmat: We think it’s the opposite. Without privacy in Bitcoin there is simply no possibility to reach real mass adoption. Just think it this way: is Uncle Sam going to use it if he is going to be aware that his financial background would be an open book?
Regulators are obviously against basically the whole crypto ecosystem, because it is against their century old understandings of monetary system. It is always easier to stick to the old habits and go with them instead of gaining an in-depth understanding of new possibilities and apply them in an acceptable way. Some regulators use their power over crypto to ban technologies instead of finding out a way that could be beneficial for all parties.
Privacy helps the fungibility of Bitcoin, without fungibility mass adoption is just a vision.
nopara73: Back in July, in his talk at Building Bitcoin, Eric Voskuil said: “Go break the law, it’s black market money.” What he meant by that is that humans should make ethical choices even when it is against the law. Do you think it was ok to be a law-abiding citizen in Germany of 1940’s? What use-case is there for Bitcoin if not disrupting the inefficient, scammy and traditional financial system that is ultimately the reason why billions of people around the globe are living in poverty?
Regarding Monero, I have to say, it is great. It started out as a scam without any privacy, due to subset sum, but slowly, over the years, the community addressed most of my privacy related criticism. That being said, don’t go and fill your bags based on my words, I am too busy working on Bitcoin to recognize the nuances.
ForkLog: Is it possible to provide users with privacy features, but let them pass KYC-procedure within regulated exchanges and obfuscate transactions when they are out of those platforms to make tracing impossible? What do you think about this sort of compromise?
Balint Harmat: This is a very interesting question, and possibly it helps to understand the real reason for financial privacy.
We assume that the average Bitcoin user is legit (just like in the case of fiat cash) and wants to use Bitcoin since it provides the opportunity for quick and cheap P2P transactions. What are the opportunities for him to acquire Bitcoin? Mine it, buy it on exchange, get it as salary, etc.
The question’s first part could be taken into the following context as well: a person who has money in a bank (KYC) withdraws the money through an ATM and spends it as cash. In this case there is no possible way to trace the destination of those bills (as far as I know there is no record about the serial number of the bills). This person does not even recognize that he has the maximum possible financial privacy while using cash. It comes by default and naturally expected. So at first he’s been KYC’d and enjoys privacy afterwards .
Why you cannot do the same with Bitcoin? The aim with Wasabi and with privacy in Bitcoin is to be able to spend your money (how you earned it or acquired it is not the question of privacy!) as it was cash. So transferring from an exchange to Wasabi and making the everyday spendings privately is something like using cash. If this person sends Bitcoin back to the exchange, KYC should not be a problem again as long as the origin (by origin we mean whether the person has the right and background to possess it) of the Bitcoin can be explained. It is just like the case of cash: you do not have to prove the serial numbers of the bills, but rather yourself as a person, whether you are rightfully in possession of that amount of money.
Gergely Hajdu: Let’s see the whole context without exchanges where KYC is compulsory. In this case there is no exchanging between Bitcoin and fiat, there is only Bitcoin involved (like if you were receiving your salary in cash instead of bank transfer). You can spend your money without letting everybody know what you are spending on. Just like in case of fiat, different authorities and agencies are going to contact you if you spend on valuable goods (Lambo :), real estate, etc.) that are out of your league.
All in all it is not necessarily a compromise to have privacy while making transactions and KYC on exchanges as long as you are at least as good as at your bank.
Money laundering, terrorism financing, other illegal activities must be punished that is not a question.
nopara73: Fungibility is an essential property of good money. And we are building good money. I would not like to compromise on a basic principle to gain some leverage in a short-term political game.
ForkLog: The next question is personally for Ádám. Can you tell more about the incident when you were detained for 12 hours in an airport in the United States? Do you think it was related to your work on confidential technologies?
nopara73: I was backpacking around the world for a couple of years. Going through immigration in Bitcoin T-Shirts, with a laptop that is full of Tor and Bitcoin stickers has never been an issue. In fact, once they even accepted Bitcoin as proof of funds when I went to Thailand.
This is why it surprised me when I told the US immigration that I came for a Bitcoin conference. They took my passport, lead me to a back office and did not let me to use any technology for 12 hours. Then the guards had their shift, they had no idea why I was there anymore, I told them I came to a “math conference” so they let me go. It was not related to my work, but the whole process was designed in a way to make people scared, so I have had a quite unpleasant and nervous time there, rethinking many things.
This experience led me to team up with Gergo and Balint and to create a company with them. They are lawyers and can make sure everything is being done according to the book. Luckily, privacy is an inalienable human right and there are numerous privacy companies out there already, so we have a great legal basis for operation until we do not directly step on the foot of anyone who is above the law. Anyway, it was a great trip to the US. Too bad for the sake of my own opsec I had to decide it was not only my first trip, but also my last one.
ForkLog: Are you aware of any other attempts by law enforcement to intimidate privacy-focused developers?
nopara73: No. The anarcho capitalist and libertarian voices in Bitcoin are loud. Maybe rightfully, maybe not, but I am not aware of anyone being bothered by law enforcement who works on a non-custodial Bitcoin product.
The way bitcoin works sometimes can be quite geeky. Moreover, some developers even think we’re not ready for mass adoption even to start. What upgrades have to be implemented and how to convince people that they actually need decentralized money without third parties?
nopara73: I would leave these questions to be answered by Bitcoin philosophers.
ForkLog: What would be your three arguments if you had to convince an average Joe that he needs complete privacy?
Balint Harmat: How much money do you have? This is usually the question no one wants to answer right away to a stranger. If we do not enjoy financial privacy we would be an open book for any entity. At the moment it may not be so obvious, but as soon as Bitcoin goes mainstream the number of surveillance and blockchain analysis companies is going to grow and they will have deadly weapons to map our financial history.
Well being: The other thing we do not really want to talk about is our surgeries, diseases, illnesses. As we are getting older and older, we spend more and more on these, not even mentioning plastic surgery. Just think about the following: “Are those for real?” Let me check your Bitcoin history… 🙂 This is just a interesting example, but I bet you understand what I mean.
Secrets, sensitive business information: we believe this is one of the main points why Bitcoin could not yet get mass adoption. Without corporate use it probably won’t be mainstream, since it can provide huge liquidity and legislative power to the system. But corporations are not surviving without financial privacy. Just think about wages, production costs, material costs, subcontractor, etc.
nopara73: An average Joe (including myself) often chooses his product based on usability. I hope to create a system where an average Joe does not have to consider that factor anymore, because the privacy product is just as usable as the non-privacy product. I hope to improve the user experience and the workflow of Wasabi to new levels. I have a bit of an artist blood and I care much more about UX, than an average developer Joe.
ForkLog: And lastly, if you had to choose between one coin for all purposes or many coins, what would be you choice?
Balint Harmat: Bitcoin as the main coin, but certainly there will be other good projects which will survive.
Gergely Hajdu: In my opinion, currently a coin could serve the economic needs. Only Bitcoin has sufficient acceptance and capacity, this is the only coin that will fully cover all the citizens of the world in the future.
nopara73: I don’t have the brainspace to work on millions of systems simultaneously, so I would vote for one.
View original post