Upcoming Wasabi Wallet Hard Fork
During the developer meeting yesterday an interesting idea has been brought up that would enable us to implement a basic form of Unequal Input Mixing with minimal modifications to the current protocol of Wasabi Wallet. While this in itself does not require a hard fork, we could implement it in a more elegant way with a hard fork.
Before that, what is a hard fork in Wasabi and why it is a good time to do it?
Background: Wasabi HardFork
All Wasabi clients are connected to a coordinator and the Bitcoin P2P network. The connection to the coordinator is shown by the Tor and the Backend status and the connection to the P2P network is shown by the number of peers you are connected to on your status bar:
When a new client version is available, the coordinator tells this to the clients and a notification will appear on your status bar:
In this case you can use Wasabi with your older version. However sometimes the coordinator and the client must be updated the same time, that’s what we call hard fork. In this case you will see the following:
What happens under the hood is that, I increase the coordinator version, which makes its way to the request URL, except for the version check request. Thus your wallet will be unusable and you must upgrade. This is what we call a Wasabi hard fork.
In July we have foreseen three hard forks of this kind. We have conducted the first one circa 2 weeks™ after the Beta release, so two more is due and this post is about the second one.
Schnorr Blind Signatures
Back then lontivero implemented Schnorr Blind Signatures to NBitcoin, but we didn’t want to replace our scheme, due to Chaumian Blind Signatures were just working fine. However has matured for the replacement and sparked with the idea in this blog post we will batch this improvement to the Wasabi hard fork.
An interesting side effect will be that we should not call Wasabi’s coinjoin’s scheme “Chaumian CoinJoins”, because now it will not be using Chaum’s blind signatures, rather “Schnorrian CoinJoin” or whatever name sticks.
If you are interested in Schnorr Blind Signatures check out Blockstream’s Nick Jonas’s talk at the Building on Bitcoin conference:
New Signing Key Every Round
In 2017 Samourai developer Antoine Walter brought my attention to a DoS vulnerability in the ZeroLink protocol, which I ended up solving by introducing a “RoundHash.” Leaving out the technical details why, this RoundHash resulted to be a serious limiting factor in a number of ways, most painfully I was not able to launch a fall back round with the remaining number of participants when a coinjoin round failed.
Leaving out why that is important and even more technical details, we would be able to remove this “RoundHash” if we would use a new signing key every round, which leads us to the final and most exciting innovation regarding Wasabi’s upcoming hard fork:
Basic Unequal Input Mixing Extension
One of the main problem with Wasabi is that, if you have too much money it will take forever to mix. There are a few others and a well-researched form of Unequal Input Mixing would solve most of them. But that requires research and a complete reimplementation of the protocol, which we are absolutely planning to do, and we are happily rewarding those who are contributing to the ongoing conversation in this field with some nice colored belts in our Dojo, but we have no resources to do a serious research on it today. Rather, during the development meeting yesterday molnard brought up the idea that we could do some smaller tweaks to the current protocol, that resembles Unequal Input Mixing. Which I took the time and elaborated on this scheme.
The intuition is this. We could assign signing keys to levels and the levels would be the multipliers of the mixing denomination. Do not worry if you did not understand, let’s look at an example:
Mixing After Hard Fork
In this scheme we mixed the changes, too. One thing you may notice that there can be more optimal mixes there, however there are a couple of issues with that.
- First in order to later facilitate GroupSend and perfect mixes, the outputs at all times must be multiplications of the denomination.
- Second, if the denominations are not fixed at registration time, the coordinator could trick and deanonymize the users.
- Third, when there are many participants, it does not matter much, this will result in fairly optimal mix.
- Lastly, this is a small tweak, that “resembles” Unequal Input Mixing, it is not something based on a fully developed research. We could create an optimal mixing scheme, but that would require complete reengineering, this scheme only requires introducing multiple signing keys per round and zero large protocol changes.
You will be able to mix larger amounts with Wasabi faster and cheaper.
- Faster, because you gain more anonymity per round.
- Cheaper, because more anonymity will be gained per blockchain space used.
But again, this is not a full fledged Unequal Amount Mixing research, it is just a low hanging fruit.
Finally it is also worth mentioning that we would not need any of this shit if Bitcoin would have Confidential Transactions or some kind of amount blinding.