Bitcoin P2P: from “Pointless” to “Paranoid”
Bitcoin has many characteristics that make it unique, and from those characteristics come many benefits (or disadvantages, depending on the point of view). But even if many of those benefits are well known, that doesn’t mean they are really being taken advantage of. That has to do with the way we use Bitcoin, because yes… there are many ways to use it.
In this article I’m going to focus on “Security” and “Privacy”, and on how they are affected depending on the way we use Bitcoin. But before I continue, I would like to make some disclaimers so we are all on the same page from the start:
When I speak of “privacy” I’m speaking of the capacity of an individual to store and protect data that identifies them or their actions from any external party that tries to get access to it, while keeping the control and the power to decide when to make that data visible, and to whom.
“Security” is a very wide topic, and when we speak of it we can be talking about things like: Can someone hack my device? Can someone hack my wallet and steal my bitcoins? Is that software susceptible to failures and bugs? When I send a transaction in Bitcoin, will it make it to its destination?
Therefore, and since I don’t plan to be thorough today, I’m going to refer to all those things as “security”.
Now, what do I mean when I say that there are many ways to use Bitcoin under those two parameters? I’m talking about a spectrum of ways of using it that goes from “Pointless” to “Paranoid”, which usually correlates with the path we walk when we enter this world.
In order to understand the rest of the article you should have a minimum knowledge of Bitcoin, because I won’t go much deeper into definitions.
Let’s start step by step.
Step 1: “Pointless”
We have our bitcoins on a platform (usually operated by a company) that could be an exchange or a broker for Bitcoin or cryptocurrencies. We log in using a username and a password to check our balance, and from there we operate.
Under this setup we are not taking advantage of any of the advantages or differences that Bitcoin brought to the world. So it seems kind of… pointless.
As far as security goes, we are in a situation very similar to the one we are in with banks, where we don’t have our money fully at our disposal because it is stored by a third party and we only have the right to command what to do with it. The difference might be in the security we think a bank offers versus a private company to store and operate with our money.
Privacy is non-existent in this setup because the exchange or broker that I use not only has access to all my operations with money (which says a lot about oneself), but also requires, due to regulations, a lot of personal information to create the account (KYC). In addition, and due to such regulations, our information can even be viewed by others, like government authorities that ask for it.
Step 2: “not your keys, not your bitcoins”
This title is a reference to the famous phrase by Andreas Antonopoulos that highlights the fact that the only way to control your bitcoins (move them, spend them) is through the use of the corresponding private keys.
So the next step is to use a true Bitcoin wallet. This wallet will allow us to have control over the private keys and therefore be the only ones able to sign/authorize transactions to move funds.
We no longer depend on a third party to authorize a Bitcoin transaction. Also, the storage of our bitcoins (the private key or keys) is now our responsibility and is under our power, so no third party can lose them, steal them or confiscate them, because they don’t even have the ability to do so.
By not having to interact directly with an exchange or broker that knows our full identity, our privacy increases. There are still other parties involved (we’ll get into that), but the knowledge those parties have about our identity can be low or non-existent.
Step 3: “hard mode”
This step is not really hard, but quite the opposite. It is just a small improvement over the previous step where we already took control over our keys. The difference is that now we will have hard-ware.
The problem with having a wallet in a mobile device, or even in a laptop, is the security (or vulnerability) of such devices. These devices don’t have the necessary security measures and the appropriate hardware to store critical information like the keys to your bitcoins which, after all, are funds… and could be a lot! On top of that, nowadays such devices are usually online all day, which adds an additional risk.
For those reasons hardware wallets came to be. They are just physical devices, the size of a USB stick or a calculator, that store the private keys inside them. Not only that, these devices are also the ones that sign (authorize) the transactions to send. There are many security features included in these devices, which also vary according to each brand and model, but that is out of the scope of this article.
By storing the keys internally and signing transactions right there, hardware wallets are a clear improvement in the management of private keys. Because of that, the keys never “touch” your mobile device or your laptop, thus avoiding the risk of hacking, manipulation or leakage of information. It’s a good step forward in terms of security.
Because of the way these devices work by default (good use can change that), there are no privacy improvements over the previous step.
Step 4: “be a Node”
So far we made sure we had control of the private keys that allow us to control our bitcoins. But Bitcoin was also born around the idea that each member of the network can validate the transactions and make sure all the rules of the system (the protocol) are being followed, without relying on third parties that do that for us. In order to achieve that, by design, each member of the network (a “node”) has to be able to go through the complete history of all the transactions ever made (the Bitcoin blockchain). However, until now we haven’t been doing that, since the wallets we usually operate connect to a central server that performs all that work for us. To do it ourselves we need to be a real Node in the Bitcoin network: we need to have our own “full-node”.
This full-node is the software that connects to the rest of the nodes in the network and performs all the required validations. The wallets that we install on our phone, the computer, or those some people use from the web, don’t usually comply with these requirements and therefore are not a node. The most popular full-node software is Bitcoin Core, and along with it we can also install some tools that allow us to connect our mobile or desktop wallets to our own full-node to validate transactions and balances, instead of using third party nodes by default. One of those tools can be Electrum Personal Server, which is compatible with several wallets in the market, such as Electrum (mobile and desktop).
Nowadays there are small hardware boxes on the market that already come with the necessary hardware and software ready to connect to the network and have our own node in a matter of minutes (e.g. Casa, Nodl). One would be trusting in part those manufacturing companies, but in most cases it is a great step forward.
The security in this setup will depend on how we configure our entire environment: from the node, the complementary tools, to our wallets and all the connections in between. But we can achieve a pretty good setup with relatively low effort.
Also, by having control of the full-node that performs all the validations we are protected against a third party that wants to send us bitcoins with an invalid transaction, or any other kind of scam or failures.
Finally, choosing the software for our full-node (be it Bitcoin Core or another) gives us the power of choice over which chain and under which rules of Bitcoin we want to operate, in case of some future where opposing networks appear (it has happened already).
Privacy is the aspect where we gain the most, since when we rely on third parties to check our balances or make transactions we are also making all of our funds and Bitcoin addresses visible. By using our own full-node our privacy increases considerably, as long as we make sure to never use a third party. As soon as we do, our privacy will be compromised again, no matter how careful we were before.
Step 5: “counter-espionage”
Having improved our privacy a lot, there are still a few loose ends. Even if it’s true that we no longer share our financial information on purpose, there are still ways for others to spy on us and gain access to that information without our consent or knowledge. So we need to go a little further and protect how our data travels so others can’t see it.
One way this can be done is by using a VPN, which is basically a mechanism that allows us to connect to the Internet through an encrypted connection. Another alternative is to use the Tor network, an open protocol that allows us to establish communications conceptually similar to a VPN, but with anonymous and random participants across the Internet. Many wallets and full-node software already come prepared to use the Tor network, and that is very helpful.
Security often comes hand in hand with privacy: if our identity is associated with information about the wealth we have and how we use it, we are at risk of being attacked because of it. This attack can be for theft or assault, censorship or others. Privacy then becomes another aspect of security that we need to consider.
By using encrypted connections to dissuade prying eyes, we can prevent someone in our local network, or even our Internet provider, from seeing what we do. We can also obfuscate information that identifies us, like the country or origin we connect from, and thus improve our privacy. It is clear that if we use a VPN provider, it will have some information that can identify us, but it could still be an improvement over a previous setup. The Tor network mitigates some of these aspects and it is the network of choice in most cases.
Step 6: “evil traceability”
Because of the way Bitcoin works, it is required that we have a unique, open and universal record of all the transactions ever made. It is thanks to this record that we can validate all the rules of the system without relying on others. However, this also implies that the funds in Bitcoin are traceable by any person in the world, perhaps not directly with an identity but at least pseudonymously with addresses. But each time we make a commercial operation (isn’t that the point of money?) we are revealing information that links our identity (or part of it) with information about our funds, just by the simple fact of participating in such a commercial operation. How can we escape from it then?
There are techniques that give us the ability to avoid traceability in the Bitcoin record as much as possible, and thus confuse those who try to break our privacy to the point where doing so becomes so costly that it is not worth it. One of those techniques is the detailed control of each bitcoin we possess or, more specifically, of each UTXO. We can think of this as if we held all our cash in paper bills and each bill were marked, and we had to carefully decide which bill to give to whom and when, in order to make it difficult for anyone to track the history of that bill. Another technique that exists is the mixing of coins, which in practice is done, for example, using CoinJoin. This practice allows many participants to join their bitcoins together in a common pool and then withdraw them in such a way that an observer wouldn’t know who took what. Doing that repeatedly can make the job of tracking the origin of certain bitcoins virtually impossible, or too costly. Some wallets, such as Samourai and Wasabi, already support these features.
Again, the security comes hand in hand with privacy in this case.
In addition to the measures we take to protect how our bytes are stored and travel through the Internet, we now take measures to protect the privacy of how our bitcoins are stored and travel through the Bitcoin network. This can be of great importance after we make a transaction that reveals personal information. A clear example is when we buy bitcoins through a company such as an exchange or a broker.
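Why per-UTXO control matters, as an added example that is not part of the original article: chain analysis commonly assumes that all inputs of one transaction belong to the same owner (the common-input-ownership heuristic, which CoinJoin is designed to break). The address names and transaction lists below are constructed for illustration.

```python
from collections import defaultdict

def cluster_addresses(transactions):
    """Group addresses that an observer would attribute to one owner.

    `transactions` is a list of transactions, each given as the list of
    addresses whose UTXOs it spends (its inputs). Addresses spent together
    are merged into one cluster, transitively, with a union-find structure.
    """
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for input_addrs in transactions:
        roots = [find(a) for a in input_addrs]
        for r in roots[1:]:
            parent[find(r)] = find(roots[0])

    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return [sorted(c) for c in clusters.values()]

def are_linked(transactions, a, b):
    """True if the heuristic places addresses a and b under the same owner."""
    return any(a in c and b in c for c in cluster_addresses(transactions))

# Constructed sample: the wallet picks inputs automatically and merges UTXOs.
MERGED = [
    ["addr_kyc_exchange", "addr_private_sale"],
    ["addr_private_sale", "addr_gift"],
]
# Constructed sample: the same coins, each spent on its own (coin control).
COIN_CONTROL = [["addr_kyc_exchange"], ["addr_private_sale"], ["addr_gift"]]

if __name__ == "__main__":
    for name, txs in (("merged", MERGED), ("coin control", COIN_CONTROL)):
        print(name, cluster_addresses(txs))
```

In the merged case the exchange-withdrawal address ends up in the same cluster as the gift address even though the two were never spent together; the link is transitive through the shared input.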
Step 7: “Paranoid”
Even after getting here, there is a lot more that can be done and much more that we will keep discovering. Many can label us as paranoid, but are we really that paranoid?
The following are just some of the additional measures that we can take to improve the privacy and/or security in a Bitcoin environment:
- Shamir scheme or multisig
Both mechanisms establish that in order to get access to certain funds in Bitcoin, one must have certain fragments of information (keys) which could be distributed in different locations and in different ways.
The two mechanisms described are different and work in different ways: Multisig is a feature that comes with Bitcoin, while Shamir scheme is a method to divide a piece of information (key) into multiple combinable parts under certain conditions.
- “Airgap” devices
Airgap refers to the idea that a device shouldn’t have any kind of connection to the outside world, whether wired or wireless. It could be a laptop without network boards, or a hardware wallet that doesn’t connect to a computer.
In these setups, the airgapped devices are used to sign the transactions and thus prevent any type of information from leaking.
- Faraday cage
The Faraday cage is a cage (or tent, they exist) that prevents the electromagnetic field on the inside from being perceived on the outside. That way no one with the special equipment to detect and decode those emissions (yes, it exists too) can violate the privacy of what happens inside the cage and see which transactions are being signed and how.
- Entropy improvements (randomness)
It is known that humans are very bad at generating random keys, and that is why the keys are generated by digital devices. Still, that randomness is not complete. For that reason one can use other sources of entropy at the moment of generating keys, like rolling dice.
So, how far should I go?
Each step has its own advantages and disadvantages, as well as its own balance between privacy, security, convenience and difficulty. In order to know how far we want to go, it is important to have a clear idea of the needs we have and, fundamentally, what skills we have. Staying at a very low step could mean an unnecessary sacrifice in security or privacy if with a small effort we could go a bit further and protect ourselves. On the other hand, trying to move beyond what our capabilities allow could lead us to make mistakes that put our security and privacy at even greater risk than if we had stayed at a previous step.
What is my quick advice then? You should ask:
- How many bitcoins do I have? Does that represent a considerable portion of my wealth?
- What needs do I have with my bitcoins? How do I intend to use them?
- What do I want to protect against? Which risks do I want to mitigate? What am I afraid of?
- What knowledge do I have and in which way do I feel comfortable using it?
The answer can vary, and it can even motivate you to acquire more knowledge and move a step up in your use of Bitcoin (if you need to). Security and privacy are not goals that we achieve to finish our journey. They are paths that we walk, always trying to get that asymmetry that makes the cost of breaking our security/privacy exponentially higher for an attacker than the cost for us to protect it.
In this article we walked through different setups in a simple way, and sometimes in a superficial way. The topic can become quite complex, but it’s not something one should be afraid of because any person is capable of learning and understanding about this. At the end of the day, it is the price we should pay to have complete sovereignty over our money… and it’s worth it.
And don’t forget your tinfoil hat, those brain waves can be read from here.
- https://glacierprotocol.org/ (Glacier Protocol)
- https://bitcoin-hardware-wallet.github.io/ (Bitcoin Multisig Hardware Wallet Comparison)