The Only Thing Better than Minimal Trust Is None at All
Trust in a bitcoin wallet is a little like the side effects of a medication: ideally, there would be none at all, but if any do exist, everyone needs to know what they are and how severe they are.
Trusting another party implies opening up to them, making oneself vulnerable. When trust is violated, people can get hurt. So trust implies transferring part of one’s own well-being to another. Trust is a matter of relinquishing control.
Sovereignty is the quality of having full control and power over oneself. When it comes to anonymous interactions, where the parties involved don’t know each other or — more importantly — when they know enough not to trust one another, sovereignty is very valuable. If you can’t trust your counterparty, it’s better to be invulnerable.
If trust means vulnerability and sovereignty means control, it’s obvious that they are in tension. One comes at the cost of the other, and different kinds of relationship require different balances between them.
Why Bitcoin Needs Trust (for Now)
Bitcoin was originally designed to maximize sovereignty and minimize trust. In the conclusion of the original whitepaper, where Nakamoto summarizes what bitcoin is, s/he states:
We have proposed a system for electronic transactions without relying on trust. (p. 8)
Sovereignty usually pertains to states, which makes sense because states usually have control over individuals, so sovereignty usually resides with them. Bitcoin gives sovereignty to individuals because giving people control over their money is the whole point.
The best scenario for each individual user and for bitcoin as a whole would be for everyone to run a full node. That would maximize sovereignty and eliminate trust, as it should be. However, a full node requires a desktop/laptop because the amount of storage space, RAM, connectivity, and power that the chain demands is too much for mobile devices.
First and foremost, though, bitcoin is “a system for electronic transactions.” It just happens to be a very good one designed to work without trust. But as ever more people use their mobile devices as the primary or only device, full nodes are an obstacle to adoption. If the technology is preventing adoption, it will probably be easier to adapt that technology to fit existing habits than vice versa.
If bitcoin is to work as a system for electronic transactions — everyday transactions, not just transfers of investment capital — it has to go mobile. And the current state of mobile technology doesn’t allow mobile devices to run full nodes. So in order to make bitcoin suitable for electronic transactions, which was the whole point to begin with, a little bit of trust is necessary to make it work on mobile (for now).
Mass adoption is the cure; mobile is the medicine; trust is the side-effect. But there are different ways to make bitcoin work on mobile with different implications for trust and user sovereignty.
Mobile Bitcoin, Trust, and Sovereignty
Jim Posen gives an excellent, if slightly dated, overview of bitcoin wallets, covering full nodes; SPV wallets; Electrum; client-side filtering wallets (Neutrino); trusted server, local key wallets; and custodial wallets. He also (helpfully!) rates them in terms of their resource use, privacy, security, cost, and the amount of trust they demand from users.
When it comes to trust, everyone agrees that full nodes are best, but they are disqualified because they are incompatible with mobile and deny bitcoin its purpose. As services that require a trusted intermediary, custodial wallets and trusted server, local key wallets offer the least sovereignty and demand the greatest trust. Since three mobile options remain that offer users more sovereignty for mobile bitcoin, let’s forget about these two as well.
That leaves: SPV (BIP 37), Neutrino (BIP 157, the client-side filtering wallets), and Electrum.
So according to Nicolas (and Jim), Neutrino is better than SPV because it avoids Bloom filters and protects user privacy, but wallets using third-party servers are better still because they preserve the decentralized integrity of the whole network.
Nicolas is absolutely right that any part of the process that occurs inside a black box requires trust. Whenever users lose control, they must extend trust. However, he seems to assume that Neutrino wallets black box the choice of which full node will verify the users’ transactions.
But what if that were not the case? What if a Neutrino-based light client gave users control over the choice of node, keeping sovereignty on their side rather than the miners’?
Nicolas hints at this possibility himself: “If you connect to a specific third-party server and use BIP 37 or BIP 157, I define it as an Explorer [i.e. as good as Electrum] wallet, not as an SPV [the worst kind of] wallet.” If a Neutrino wallet can do that — provide better privacy than SPV, let users choose their full node for validation, and do that without tying them to a specific third-party — it would be the next best thing to a full node. It would let bitcoin work on mobile, making it useful for everyday transactions, without compromising users’ privacy or sovereignty.
Breez: Minimizing Trust and Making It Transparent
Breez is a payment service, a great payment service that lets you pay with bitcoin over the Lightning Network. It’s faster and cheaper than using the mainnet, it’s easier than any other non-custodial wallet, and it lets you maintain possession of your own money — unlike custodial wallets.
Breez runs Neutrino, so it’s already better than SPV. But what about third-party servers, like Electrum?
Breez (Neutrino) vs. Electrum (3rd-party server)
Electrum is a great solution as far as it goes. It protects users’ sovereignty by protecting the overall integrity of bitcoin and letting them keep their keys. But there remain two potential problems: 1) Electrum is not part of the core stack, so it creates dependency on a third-party; 2) it’s not private in that the server can track user queries to the chain. The former further removes users from the trust-free bitcoin design. And since giving others access to private information always involves trust, the second problem also potentially compromises users’ sovereignty.
Breez is different in that the connection between the app and the chain is transparent and under the users’ control. Users benefit from the improved privacy BIP 157 offers, and once BIP 157 becomes universal, they will be able to select practically any node. While we can’t give users their own full node (yet ;)), the next best thing is to let them control which nodes their client uses. With current technology, this is the most sovereignty and least trust available in any mobile client.
The next step (coming soon) is to give user the choice of a default routing node — either their own full node, Breez, or another vendor if they prefer.
The Background Watcher (sounds like a superhero, but it’s better)
Breez also includes another feature to help users control the state of their channel: a background watcher. This process will notify users of cheating attempts even when the app is closed and give them the chance to retrieve their money. The refund period is 720 blocks, so users are automatically protected by simply using their phones at least every 5 days. The Breez app doesn’t even need to be open, since the watcher runs periodically in the background without any further demands on the user.
Breez gives users the benefits of bitcoin on their mobile devices, with additional safety measures, in a relationship of minimal trust and maximal sovereignty. Cure, medicine, minimal side effects, no fine print.