Privacy-focused Bitcoin software wallet Wasabi is getting a major protocol overhaul.
The Wasabi team is working on a new protocol design, dubbed WabiSabi, in a bid to improve the user experience and privacy guarantees of the wallet’s CoinJoin transactions. The major design change would allow users to coinjoin with different values than their peers, a first for the privacy-minded technology that could lead to new (and more flexible) use cases. Wasabi has been conceptualizing the design in a research group since the beginning of 2020 and has hired team members to work on the implementation.
Out with the old
Currently, Wasabi’s CoinJoin – a mixing protocol that, when used correctly, can obscure a bitcoin’s transaction history – relies on the ZeroLink protocol and blind signatures for mixing. Under this scheme, users must spend a like amount of bitcoin with other users in a mixing pool for the CoinJoin to work successfully; these like amounts are shuffled together in a pool, after which each user receives the same amount of bitcoin back in a way that doesn’t reveal their original input.
For this to work effectively, each user in a CoinJoin transaction must all input the same amount of bitcoin to the pool (e.g., 0.1, 0.01, etc) or the transaction could be easily deanonymized by blockchain surveillance.
This current scheme also gives the CoinJoin’s coordinator a spyglass into a user’s information. Wasabi contractor and contributor Max Hillebrand told CoinDesk that a coordinator theoretically “could link the input to the change output, and could link multiple inputs to the same user.”
WabiSabi won’t disintermediate this coordinator role, seeing as it is necessary to make the protocol as frictionless and low-latency as possible. But the new design, according to Wasabi’s team, will keep the coordinator from tracing inputs to ensure “as few privacy leaks as reasonable,” Hillebrand said.
In with the new
The new protocol is a technical casserole that combines Pedersen commitments and keyed-verification anonymous credentials (KVAC), a feature used for group messaging on the encrypted chat app Signal.
If WabiSabi works in practice as it does in theory, then users will be able to spend any amount, irrespective of the value spent by their peers – an improvement over the current design that demands each input equals each other input in the pool.
Wasabi co-founder and lead researcher Adam Ficsor told CoinDesk this new design could unlock new CoinJoin use cases, like “CoinSwapping with CoinJoins and open lightning channels with CoinJoins.”
Hillebrand continued to highlight that this implementation will not be limited to self-spends, where users can only send a CoinJoin transaction to themselves, like under the current model. Rather, WabiSabi would allow them to send a CoinJoin transaction to another user as well. This process would operate in the background if it runs the way Wasabi envisions it, opening up the possibility to make “every spend a CoinJoin.”
“The [old] Zero Link CoinJoins are mainly a self-spend, so the same user owns the input and the output. It’s not a payment; it’s like you are shuffling the bitcoin from your left pocket to your right pocket. This increases blockspace usage and thus incurs more expensive mining fees for the sender and verification cost for all Bitcoin full node users.”
'Testing, testing, testing'
Of course, the protocol’s development is still in its early stages, and Wasabi lead developer Lucas Ontivero told CoinDesk the white paper, which was unveiled to the cryptographic mailing list in mid-June, is “still being peer reviewed.”
The challenge now is structuring the actual transaction design, which is a different technical feat from designing the protocol itself. As Hillebrand explained, the WabiSabi protocol design sets the parameters for data transmission between end users and coordinators, while the transaction structure of inputs and outputs is a different problem entirely.
This “transaction structure is not 100% ready,” Wasabi cryptographer István András Seres told CoinDesk over email. He added that “it is a huge design [requirement]” and that the team will want a “proper audit” before feeling comfortable releasing it to the public.
So a working WabiSabi implementation may be some time away, though the next step in development is creating a transaction scheme that retains the privacy promises of the underlying protocol. The team did not make any promises about when the tech could be ready, as “there are many open research questions and unknowns,” Hillebrand said.
As independent Bitcoin privacy researcher Yuval Kogman put it, the next, challenging step is “going from theory to practice” in a way that keeps the protocol as user friendly as possible to maximize its adoption.
“On the cryptography side, the theory is well developed and understood. Anonymous credentials as a concept go a long way back and are fairly straightforward to apply…a big part of the challenge is UI/UX [user interface/user experience], and in order to take full advantage of the credential scheme and the transaction structure, we will have to find some creative solutions,” he said, adding that the team has “already come up with some pretty promising and interesting ideas.”
0 Comments