Introducing ZeroLink — The Bitcoin Fungibility Framework

To cut through my waffle click for ZeroLink’s specification

Aug 14, 2017 · 3 min read
Image for post
Image for post

I am extremely excited to announce the joint research of SamouraiWallet and HiddenWallet developers: ZeroLink that will make it possible to use Bitcoin in a fully anonymous way the first time. And no, I am not overstating it.


Image for post
Image for post

Even if there is a great, cheap and performant anonymity technique, there are just so many ways a user can be deanonymized, for example through network analysis. For this reason we came up with the Wallet Privacy Framework.

ZeroLink defines a pre-mix and a post-mix wallet and a mixing technique.
Pre-mix wallet functionality can be added to any Bitcoin wallet without much overhead. Post-mix wallets on the other hand have strong privacy requirements, regarding coin selection, private transaction and balance retrieval, transaction input and output indexing and broadcasting. The requirements and recommendations for pre and post-mix wallets together define the Wallet Privacy Framework.
Coins from pre-mix wallets to post-mix wallets are moved by mixing. Most on-chain mixing techniques, like CoinShuffle,CoinShuffle++ or TumbleBit’s Classic Tumbler mode can be used. However ZeroLink defines its own mixing technique: Chaumian CoinJoin.

Chaumian CoinJoin

In 2013 Gregory Maxwell detailed CoinJoin the first time. He already described this technique, hidden inside his FAQ, compressed into a few lines. It based on the Chaum Blind Signature Scheme, therefore we call it Chaumian CoinJoin:

Using chaum blind signatures: The users connect and provide inputs (and change addresses) and a cryptographically-blinded version of the address they want their private coins to go to; the server signs the tokens and returns them. The users anonymously reconnect, unblind their output addresses, and return them to the server. The server can see that all the outputs were signed by it and so all the outputs had to come from valid participants. Later people reconnect and sign.

A mixing round runs within seconds, and its anonymity set can go far beyond a single CoinJoin transaction’s if needed. Furthermore it is really cheap.

But if it’s so good why didn’t anyone build it? A part of the reason was: proper DoS protection is fairly hard to do. However the things have changed since 2013 and we are not living in a zero Bitcoin fee environment anymore. It turns out if Bitcoin fees stay around $1 there is an elegant way to make it uneconomical for malicious actors to disrupt mixing rounds.

Not Just Research

I succeeded to get the attention of Samourai Wallet’s developer: TDevD, who is also a contributor to ZeroLink. Both my HiddenWallet and SamouraiWallet are fully committed to implement and deploy it into production. Furthermore the team behind Stratis: BreezeWallet has shown significant interest in ZeroLink, as well. They are actively evaluating and waiting for the proposal to mature.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store