Understanding TumbleBit Part 2: The Endgame — Instant, Anonymous, Scalable Payment System On Top Of Bitcoin
In Understanding TumbleBit Part 1: Making the Case, I talked about the importance of privacy in general, the state of privacy in Bitcoin and compared TumbleBit with other alternatives. You do absolutely not need to read that in order to make sense of this article. To recap, take a look at this tweet:
Today I will speculate on the SSJ God level. And maybe, just maybe you will feel like it all makes sense and become more excited than ever about the future of Bitcoin.
In this article I will outline the idea, the dream, the vision, the end game of TumbleBit, a trustless, instant, free, anonymous, scalable payment system. On top of Bitcoin.
Ok, but how soon?
At the moment there are multiple implementations, a proof of concept from the creators in C++, a more advanced codebase from them in Python. And there is a NTumbleBit in .NET Core, a production ready TumbleBit: Classic Tumbler Mode, you know the Super Saiyan one. However, it is yet untested, undocumented, user unfriendly and undeployed. Others are planning to implement it as well.
Generally Ethan Heilman and the other cryptographers from Boston University are concentrating more on the theoretical, the academic part, while Nicolas and me are on the practical, the implementation part.
In the end all of us are in daily contact, working together and helping each other. For example, I just executed a brilliant and well-planned social engineering attack on Ethan:
Therefore I can provide you the opportunity to contribute if you want: 199G7vQxuSYRNRrcM7qatY2kRH69g7qmpo
Using a payment hub vs on-chain mixing
There is a fundamental problem with on-chain mixing. Consider how mixing works, you send the Mixer some bitcoins and it sends back completely unrelated ones:
Imagine you bought two bitcoins. One to hodl and one to buy alpaca socks from the Silk Road, therefore you send 1 BTC to a mixer and buy the socks. However, that is not how Bitcoin works. You actually have to spend all your 2 BTC. You spend 1 BTC to the mixer and 1 BTC change goes back to you.
If you later acquire another 1 BTC and decide to buy something for 1.5 BTC that transaction would look like this:
You are joining coins together. This is not ideal from a privacy point of view. This is one of the main reason why the blockchain surveillance companies are thriving. Therefore any bitcoin mixing that often visits the Bitcoin blockchain is not ideal.
Why do we not send all our bitcoins to CoinBase and keep transacting inside their system? Wait a moment, we now have instant transactions! Even better, we have just reclaimed our privacy, too!
There are two problems, though. One, CB can steal our coins, and two, CB can deanonymize us. We only have an instant, free, scalable payment system, although we want a trustless, instant, free, anonymous, scalable payment system. This payment system would be CoinBase: Super Saiyan God mode, or in a lamer name, CoinBase, bi-directional payment hub mode.
The question is, how do we take a centralized mixer, like CoinBase to Supa Saiya-jin Goddo level? Or rather how do I convince you that it is possible?
Using bi-directional multiparty payment channels, we can make CoinBase trustless. I will not go into the details, you can read up on it at many places, I would just like to point out the fact for this to work CoinBase has to have at least as much bitcoins as much volume goes through it. This is a very real economic bottleneck and will probably result many CoinBase hubs, or let us say TumbleBit hubs from now on. On the other hand, this is a positive Bitcoin price pressure, so keep hodling.
How can we hide who sends who inside the payment hub from the payment hub? TumbleBit provides a fascinating solution for this. It is based on David Chaum’s blind signatures from 1999.
How does Chaum style e-cash work? (all the Wiki links are broken)
Here's the basic idea of blind signing in Chaumian e-cash: Let's suppose that a central issuer (Chaumian e-cash is…
I should mention the SSJ God level is not carved in stone yet, or shall I say that it is not written in whitepaper? Its achievability is uncertain at this point, only the SSJ3 level is certain, what I totally dismiss in this article, because it is about the end-game, not the middle-game of TumbleBit.
What do you think? Will the creators go from a day’s long running, Bitcoin full-node requiring, untested, undocumented, user unfriendly, undeployed CLI software to a trustless, instant, free, anonymous, scalable payment system? Find out in the next Tumble Bit Z episode…