Bitcoin’s Attack Vectors: Fungibility

Matt ฿, ChainRift Research
Dec 10, 2018

When attempting to define the characteristics that make a currency ‘functional’, Aristotle settled on five traits: fungibility, durability, portability, divisibility and intrinsic value. For the most part, you could make a strong case for Bitcoin satisfying the last four (there’s some debate on what’s meant by intrinsic value, but that’s for another article).

In this piece, we’ll discuss the concept of fungibility and how it applies to Bitcoin. Whilst not an attack in and of itself, lack of fungibility is an obstacle to the coin’s value as currency, and can be leveraged against network participants.

Put simply, fungibility is the quality of a good that makes it interchangeable with another good of its kind. Take the examples of gold or stocks — if you were to swap a pound of gold bullion for another pound of gold bullion, you’d expect them to have the same purchasing power across the board (overlooking premiums for numismatics/spread price).

This is a trait you want in a currency. You’ll have a hard time distinguishing between bullion that’s been freshly minted, and bullion that’s been used as a means to hire assassins and purchase slaves.

The same goes for the fiat currencies (n.b. notes aren’t actually perfectly fungible, as they’re serialised). Remember those reports about the majority of dollar bills containing traces of cocaine? This has had no impact on the 1 USD = 1 USD equation. Merchants in the nation (and even beyond) are happy to accept bills irrespective of whose possession they may have been in prior.

Consider, however, a fiat currency where each note issued has a QR code printed on it, which, if scanned, would list transactions dating all the way back to its printing. Previous holders might not be unmasked initially, but firms would undoubtedly crop up eventually to attempt to deanonymise them with sophisticated analytics.

Go on, try it.

Why should you care?

Because this is exactly the dilemma that Bitcoin faces. It isn’t private. You can see who (or rather, which address) has held a given coin in the past. And adversaries know this. Actually, most know this, but I have a client that somehow missed every single OPSEC 101 lesson and continues to use the same address that they’ve used since January. Within seconds, you can see every transaction the wallet has been involved in for the past year.

I’d make the case for Bitcoin being somewhat fungible for now, in that many merchants/services/individuals will indiscriminately accept coins from anywhere (besides, at the technical level, they’re functionally equivalent). That said, this fungibility is very much at risk in the long run — it’s an immutable ledger of transactions in the age of Big Data, what did you expect?

As entities begin to link addresses to unsavoury activities (and coins to said addresses), the ‘taint’ metric can be applied. It shouldn’t matter where your satoshis have been, but unfortunately, it does. Prominent organisations in the space (yep, governments, too) are already blacklisting addresses.

As time goes on, it’s not unreasonable to assume that services pliable by regulators could be forced into rejecting/freezing/turning over coins that have passed through flagged addresses.

Moreover, if you’re buying coins off a KYC-compliant exchange, the issued UTXOs can easily be linked to your identity.

It stands to reason, in this bizarre new paradigm, that older (heavily-used) coins would be less appealing to your average user than ‘untainted’ ones. If there’s a widespread crackdown on ‘unclean’ coins, are you really going to pay the same price for a bitcoin that’s been newly-mined and one that’s passed through the Silk Road 107 times?
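To make the ‘taint’ metric concrete, here is an added example (not code from the original article or from any analytics vendor) that propagates taint through a small, constructed chain of transactions using a value-weighted ‘haircut’ rule: an output paid to a flagged address is fully tainted, and every other output inherits the value-weighted taint of the inputs that funded it. The transaction graph, addresses and flagged set are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]   # (previous txid, output index); empty for a coinbase
    outputs: List[Tuple[str, int]]  # (address, value in satoshis)

def compute_taint(txs: List[Tx], flagged: Set[str]) -> Dict[Tuple[str, int], float]:
    """Return the taint fraction (0.0 clean .. 1.0 fully tainted) of every output,
    keyed by (txid, vout). Haircut model: an output inherits the value-weighted
    taint of the spending transaction's inputs; an output sent to a flagged
    address is fully tainted. txs must be listed parents-before-children."""
    by_id = {tx.txid: tx for tx in txs}
    taint: Dict[Tuple[str, int], float] = {}
    for tx in txs:
        if tx.inputs:
            total_value = 0
            tainted_value = 0.0
            for prev_txid, vout in tx.inputs:
                value = by_id[prev_txid].outputs[vout][1]
                total_value += value
                tainted_value += value * taint[(prev_txid, vout)]
            inherited = tainted_value / total_value
        else:
            inherited = 0.0  # freshly mined coins carry no history
        for vout, (addr, _value) in enumerate(tx.outputs):
            taint[(tx.txid, vout)] = 1.0 if addr in flagged else inherited
    return taint

# Constructed sample: two coinbases, one payment to a flagged address ("market"),
# then two further hops that mix tainted and clean value.
SAMPLE_TXS = [
    Tx("cb1", [], [("minerA", 100)]),
    Tx("cb2", [], [("minerB", 100)]),
    Tx("t1", [("cb1", 0)], [("market", 60), ("minerA", 40)]),   # 60 to flagged address, 40 change
    Tx("t2", [("t1", 0), ("cb2", 0)], [("alice", 160)]),        # 60 tainted + 100 clean
    Tx("t3", [("t2", 0), ("t1", 1)], [("bob", 200)]),           # older coins keep accumulating history
]
FLAGGED = {"market"}  # constructed blacklist, stands in for a real flagged-address list

def sample_taint() -> Dict[Tuple[str, int], float]:
    return compute_taint(SAMPLE_TXS, FLAGGED)

if __name__ == "__main__":
    for key, value in sample_taint().items():
        print(key, round(value, 3))
```

Note that bob’s output in t3 is 30% tainted even though bob never touched the flagged address; that is precisely the fungibility problem the article describes.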

The notion that older coins could be worth less than newer ones is a fungibility disaster. You hear stories of an OTC market for ‘virgin UTXOs’ being sold at a premium — BlockTrail’s Mint once offered this service.

Fortunately, alongside scaling, privacy is perhaps one of the foremost priorities when it comes to improving the protocol – greater privacy guarantees greater fungibility, which is absolutely critical to strengthening Bitcoin’s chances at becoming a functional currency.

A variety of different solutions have already been devised. Some require direct upgrades to the base layer (e.g. Schnorr signatures/MAST/Confidential Transactions), but others have already been implemented around it – the Lightning Network, CoinJoins (check out our recent piece on Wasabi Wallet) and tools like Samourai Wallet’s Ricochet aim to obfuscate the provenance of funds.

Currently, it’s easy enough to muddy the proverbial waters so as to not reveal the source of coins – these tools chiefly rely on making it infeasible for an adversary to cluster and deanonymise addresses at scale. Over time, as analytics improve, it’s imperative that mixers and other privacy-enhancing tools evolve in order to preserve this difficulty. The viability of Bitcoin depends on it.

This is the sixth part in a series on Bitcoin attack vectors. If you haven’t already, check out parts one, two, three, four and five here.

Cover art by author, photo modified from Pexels.
