MultiversX Wiki - Privacy, Self-Custody, On-Chain Investigation
Published by xFoudres | The 11/25/2022  |  Category: Thread

Today we are going to talk about the most important value of our dear cryptocurrencies

This thread was made jointly with xTwister, but it’s not sponsored and I didn’t get anything for it. Only my interest in and love for the subject bring me to make this thread.

Their Mainnet launches today, so it’s the best timing to talk about this topic!

https://twitter.com/xtwister_egld/status/1595187229487415296

  1. The Original Philosophy
  2. Pseudonymous, not anonymous, but above all, traceable
  3. How to keep our privacy
  4. xTwister, Presentation and User Guide
  5. On Chain Investigation
  6. The Privacy Trilemma
  7. How to prevent the disappearance of scams

1/ The Original Philosophy

“Privacy and Technology: The Dark Side of the Force” David D. Friedman — 2005

Nakamoto, O holy Nakamoto, we drink your holy writings (I love giving an ecclesiastical dimension to the Blockchain, just for the joke). But the fact remains that Satoshi’s original paper should be known to all like a Bible verse, because it is what we believe and what we seek, in our ideals and in our will to change the world and its rules. And it is our duty, mine and yours, to constantly remind ourselves of the real reason for our presence here. And if that is not your case, if you are here only for the money, it must become so, and I will do everything I can to make it so. But Satoshi Nakamoto is “only” the founder of Bitcoin; he is not at the origin of Cypherpunk thought, which existed long before his great invention:

  • The Crypto Anarchist Manifesto by Timothy C. May (1988)
  • The Cypherpunk Manifesto by Eric Hughes (1993)
  • The Case for Privacy by David D. Friedman (2005)
  • The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? by David Brin (1999)

https://nakamotoinstitute.org/literature/

So much writing that should live in our mental palace to remind us, in these complicated times, of the purity of the ideals that accompany cryptos. Our privacy is one of our fundamental rights, and no person or institution should be able to deprive us of this freedom, whether through the theft of our private data, mass spying, or mass influence via the use of our data to direct our consumption through AI recommendations.

The same goes for the monetary policies being built via CBDCs, which could allow the tracking of our spending and its control by rationing it or limiting it in time, taking away our right to save, among so many other risks. But if cryptos finally give us, via self-custody, an alternative to the currency controlled by states and big capital, there is one last risk that self-custody cannot lift, because of their pseudonymous characteristics:

The compromise of our public key identity

2/ Pseudonymous, not anonymous, but above all, traceable

The difference between anonymity and pseudonymity is small but very important:

  • Anonymity allows you to keep total control over your private life. Although this is appealing, in a world as deceitful and malicious as ours I don’t think it is desirable, because while anonymity is important from a personal point of view, it can be very problematic when talking about organizations or institutions.
  • Pseudonymity allows you not to reveal your identity and to create a new one, but the link is still there. This pseudonym, or address, is linked to you and you alone, and if by any means someone/something is able to make the link between your identity and your pseudonym, your privacy is compromised.

Pseudonymity is thus the whole added value of cryptos: it protects your private identity without falling into total monetary anarchy, and it allows the famous quote:

“Don’t trust, verify”

Traceability is extremely important in order to avoid monetary interactions that amount to manipulation or to organized attacks with destructive ends, and also to resist what we call the Sybil attack.

The Sybil System of Psycho Pass Anime, a MUST watch if you like dystopia, a masterpiece to put on the same level as the dystopian novels of the previous century

A Sybil attack is an attack on a reputation system, a governance system for example, in which the attacker uses a large number of fake accounts or false identities to take control of the network or of governance decisions or, RANDOMLY, to win a large number of Launchpad tickets 👀.

Network of accounts having farmed tickets on the Ash Swap Launchpad, from one of my analyses

All these risks can be solved by the traceability that blockchain allows, and it is absolutely fundamental that decentralized systems are able to use this solution wisely in order to react accordingly without compromising the decentralization of the decisions and the network. This, you will agree, is an extremely difficult problem, but I think that we are not yet putting all the necessary effort into solving it.

But this traceability also makes our right to privacy fragile, since simply moving our funds to another wallet is not enough to preserve it.

This is where mixers and CoinJoin come in.

3/ How to keep our privacy

These considerations arrived quite early in crypto, notably thanks to two solutions, Monero and Tornado Cash.

Monero and its XMR token

As said before, a system like Monero, which is an anonymous blockchain, brings in my opinion a monetary anarchy which, when it is global, creates more problems than solutions for average users. Even if personal monetary anarchy can be beneficial from the point of view of the individual, it will be far more harmful to us if we leave institutions and big entities the right to act without any regulation or any possibility of controlling their actions. This is why I think that a completely anonymous system is not desirable.

Tornado Cash, a mixer protocol on Ethereum

Tornado Cash is a protocol on Ethereum that has been much talked about these last months, in particular because of the arrest of one of its developers for, I remind you,

FOR WRITING LINES OF CODE.

This reaction of governments should make us jump out of our seats, and for me it is an act that clearly shows what governments are afraid of: losing total control over what makes the hegemony of states today. Take away control of the currency from state institutions and they lose one of their biggest powers.

Tornado Cash works on a rather simple system to anonymise transactions: you send your funds to a smart contract, which sends you back a key in exchange. Thanks to a cryptographic technique called zk-SNARKs (zero-knowledge proof algorithms allowing two entities to verify that they are both in possession of a secret parameter without having to reveal it), you can recover your funds anonymously. When you send this secret key to the protocol from another wallet, the protocol is able to send your funds back to you without any link being made between the two addresses (with a few conditions that we will see later).

And this is exactly what xTwister wants to bring to the MultiversX ecosystem.

4/ xTwister, Presentation and User Guide

xTwister is therefore a fork of Tornado Cash on MultiversX that allows you to send your funds to any wallet in a totally anonymous and secure way.

How to use it?

First of all, if you want to be absolutely sure that you leave no trace, although this seems a bit overkill (we do not joke with privacy), the best way is to interact with the smart contract after clearing/blocking all cookies and trackers in your browser, or to use a browser like Tor, for example.

Tor web, always interesting to know how to use it

When you make a deposit, you will receive a note which is a very long string of characters.

A little advice, to be on the safe side, open a notepad and copy it, then print or copy the note onto a piece of paper that you will keep VERY carefully and then delete your notepad so as not to leave any trace on your PC.

If you lose it, no one will be able to retrieve your funds and they will be stuck in the protocol forever.

It is very important that you check the result of the transaction on the xExplorer, because the window may display a failed transaction even though it actually went through (a problem present on all the dApps).

If the transaction really failed, the funds will remain in your wallet and you can destroy the note, log out, close your browser and start again.

When you want to retrieve your funds, click on withdraw. You will arrive on this interface, which indicates the privacy score of your transaction: it is very important that a certain time has passed before the return of your funds, for reasons I will detail later. (Always use the function when you have an acceptable score with a green indicator.)

Once you are sure that you are connected with your second wallet, which of course must not contain any transaction that could link it to your first wallet, you can enter your note and proceed to withdraw your funds.

You can also choose to send it to a new wallet with the Relay feature. With this feature, the relay takes care of the transaction fees so that the withdrawal can be paid for, and you don’t need to provide funds to the new wallet via… your own wallet or a CEX, which you’ll admit would be quite inefficient in terms of privacy.

Now some details about the protocol:

The user fee will be random, between 2% and 5%, in order to add an anonymization factor: each withdrawal will be different for similar deposits, which complicates the task of linking your 2 wallets.

This may seem expensive, but it is necessary to the project: if the traffic is low enough, the anonymization of your transactions can be uncertain. That’s why the project plans to run bots performing transactions, to allow an acceptable anonymization even when the traffic is low.

Numerous test phases have already been carried out with Bug Bounty Programs, but at the opening of the Mainnet, the protocol will remain in beta mode accepting only deposits of 1 $EGLD with a reduced fee of 50%.

Also the project foresees some new features once the protocol is fully functional :

  • More Tokens (starting with USDC)
  • Community-suggested improvements
  • Bug Bounty Program
  • NFT pass / Utility Token for Early Adopters
  • Blacklisted wallets, to prevent scam/rugpull wallets from using the service

When the consolidation phase of the protocol is finished, the devs will modify the SC to be non-upgradable, leave the protocol on “Auto-Pilot” and make the dApp fully autonomous.

5/ On Chain Investigation

xTwister gives you some tips to improve the anonymity of your transactions, but why are they so important? Let’s look, from an on-chain point of view, at how I could find you.

Why is it important to leave time between your deposits and your withdrawal?

Well, imagine that I trace the history of the number of tokens held by the protocol and that, by bad luck, there were none in it when you deposited your EGLD. The total held by the protocol goes from 0 to, say, 1 $EGLD, so if you don’t wait for another $EGLD to be deposited before withdrawing, there is no doubt that the next withdrawal will be yours. And unless the protocol is very heavily used, a withdraw transaction arriving only one minute after the deposit transaction would lead one to believe that the same actor performed both. So be patient, it’s important.

Another very important thing is to make sure you use multiple output wallets if you use the protocol often.

Imagine that you have used the protocol, let’s say, 37 times, and that these 37 times you have used the same output wallet. If I use all the data at my disposal and find that you are the only wallet to have used the protocol exactly 37 times, I could without doubt link your two wallets, because you were the only one in this case. It is therefore very important to avoid any use that would make your interaction with the protocol unique.

There are only 20 wallets, but you get the logic

And I can go even further if you annoy me too much, if for example you used 37 different wallets for your 37 transactions. If you ever re-centralize the funds on a single wallet, then by retrieving all the second-level data from all the wallets that interacted with the protocol, I would also be able to find you, which is why you would have to use the protocol again if you want to re-centralize your funds on a single wallet. So small transactions could betray you; preferring a single large allocation to a single wallet is wiser.

Moral of the story: don’t mess with an On-Chain Sleuth, or use xTwister with caution; nobody ever sowed the lightning.
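The two checks described in this section, written as a self-audit you can run over a pool's public history before withdrawing (an added example, not part of the original thread and not xTwister's code). The wallet labels, timestamps and the pool model (a single fixed denomination) are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: int       # seconds since an arbitrary start
    kind: str    # "deposit" or "withdraw"
    wallet: str  # hypothetical wallet label, not a real address

# Constructed sample history for a fixed-denomination (1 EGLD) pool.
EVENTS = [
    Event(0, "deposit", "alice_in"), Event(60, "withdraw", "alice_out"),
    Event(1000, "deposit", "bob_in"), Event(2000, "deposit", "carol_in"),
    Event(3000, "deposit", "bob_in"), Event(4000, "deposit", "dave_in"),
    Event(90000, "withdraw", "bob_out"), Event(95000, "withdraw", "bob_out"),
    Event(99000, "withdraw", "carol_out"),
]

def anonymity_sets(events):
    """For each withdrawal: (wallet, candidate depositors, seconds since the
    latest candidate deposit). Candidates are an upper bound on the crowd."""
    epoch, balance, report = [], 0, []
    for ev in sorted(events, key=lambda e: e.t):
        if ev.kind == "deposit":
            epoch.append(ev)
            balance += 1
            continue
        if balance == 0:
            raise ValueError(f"withdrawal at t={ev.t} from an empty pool")
        candidates = sorted({d.wallet for d in epoch})
        report.append((ev.wallet, candidates, ev.t - epoch[-1].t))
        balance -= 1
        if balance == 0:
            epoch = []  # pool emptied: earlier deposits hide nothing later
    return report

def unique_usage_links(events):
    """Pair a depositor with a withdrawer when both used the pool N times
    and no other wallet on either side shares that count."""
    dep = Counter(e.wallet for e in events if e.kind == "deposit")
    wd = Counter(e.wallet for e in events if e.kind == "withdraw")
    links = []
    for n in set(dep.values()) & set(wd.values()):
        d = [w for w, c in dep.items() if c == n]
        x = [w for w, c in wd.items() if c == n]
        if len(d) == 1 and len(x) == 1:
            links.append((d[0], x[0], n))
    return sorted(links)

if __name__ == "__main__":
    for wallet, crowd, wait in anonymity_sets(EVENTS):
        flag = "LINKABLE" if len(crowd) == 1 else "ok"
        print(f"{wallet}: crowd={crowd} waited={wait}s {flag}")
    print("unique usage:", unique_usage_links(EVENTS))
```

In the sample, the first withdrawal has a crowd of one because it empties the pool a minute after the only deposit, and the wallet that withdrew twice is singled out by its usage count even though each of its withdrawals had three candidate depositors.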

6/ The Privacy Trilemma

As you know, mixers are a powerful tool, and like any powerful tool, they can be used for both honest and dishonest purposes. It should not occur to us to put your Japanese kitchen knife seller in jail because you killed your wife with it. But that’s what the Dutch government did with the Tornado Cash developer.

Yes, Tornado Cash was used to disappear funds from scams. But it would be absolutely dishonest to summarise its use as such when 90% of users use it to ensure the anonymity of important transactions or to restore their privacy.

Just like blockchain and Governance (which I ““theorised”” in my thread on the xExchange), privacy has its own trilemma and I think that every fundamental subject has a more or less obvious one. (Perhaps the triforce is an immutable law of our universe?)

User protection and privacy / Scam resistance / Decentralization

  • Too much user protection is nothing more or less than a hyper-centralized system like a bank or a CEX: the lack of decentralization allows you to freeze any account and restore the funds of a robbed user
  • Too much scam resistance does not allow you to ensure the privacy of your users and jeopardises the decentralisation of your network
  • And finally, with too much decentralisation, it is impossible to recover or freeze the funds of a scammer: the privacy of the user is respected, but not his protection.

To come back to the trilemma principle, for me it is equivalent to something called an “unstable equilibrium point” in thermodynamics.

I can already hear you saying “what? you’re still going on about your thermo thingy thing that no one understands except mad scientists”.

And I would answer that physics is one of the most powerful tools to understand the macroscopic nature of our universe, and that it is an extraordinary way of thinking about fundamental things and of making links between subjects that seem to have no connection.

When you are dealing with a problem that includes 3 variables that cannot be maximised at the expense of another, the balance to be found between these three variables so that they are all at their maximum capacity is such a fragile balance, that the slightest fluctuation will lead to a chain reaction which will again favour one of the three parameters.

You can think of it as a ball on a concave surface: the balance at the top exists, but is incredibly fragile:

On a convex surface, by contrast, if a disturbance moves the ball closer to one of the parameters, the thermodynamic equilibrium makes it return automatically to the equilibrium:

But I won’t bother you with it anymore, I’ll probably make a full article about it! Sorry I like to ramble on during my articles, but it allows me to introduce you to new subjects to learn about, so I hope you enjoy it.

7/ How to prevent the disappearance of scams

Let’s go back to the last part: how can we prevent scammers from using the protocol to disappear, and try to get rid of these trilemma problems that seem unsolvable?

As stated in the xTwister WP, they are considering listening to the community in order to blacklist certain fraudulent accounts. This would necessarily centralise the decisions, but if it is done well, there is no reason for this to be a problem: the protocol and the community would have no advantage in spending energy blacklisting accounts that do not deserve it.

This is why, if the project decides to launch its utility token, it would be interesting in my opinion to elect community relayers who are capable of reporting suspicions of scam as quickly as possible, in order to blacklist the addresses for the time needed to investigate and rule on the nature of the account. I don’t think a governance vote would be a good way to decide whether an account should be blacklisted: the procedure would be too cumbersome and too slow, and we would miss the scammers every time. On the other hand, submitting the final decisions to a vote, once a detailed report of the facts can be presented: there, yes.

The best thing for me would be to centralise decisions around whistleblowers that the community trusts, elected by governance, and to have anyone in the community who is dealing with a scam come and warn these people as quickly as possible so that they can warn the team.

But this would not allow us to recover the funds, unless we could come to an agreement with the scammers, for example by finding out their identities via a KYC that MultiversX could confirm to us that it holds, in order to put pressure on the scammer.

Give the funds or Cops !

(who will be able to request KYC from Elrond in a legal manner)

But this will always require conditions in which the scammers have made mistakes, which will not always be the case.

How to build a system that could reliably recover funds from a scam without jeopardising the privacy and decentralisation of the system is a very complicated question. What if the answer was something we already do? Create incentives to have adequate decentralization, while having actors who are hyper-involved and active in validating the addresses that would have the right to interact with the Mixer? A backdoor that could be accessible only by vote of the DAO, activable by multisig, in order to recover funds from a scam that try to transit through it? Of course, this would assume that the tokens remain blocked for several days before being released if the DAO does not interfere, and that no competing mixer comes to compete with this system. Maybe unrealistic, but ideas have to start somewhere!

I couldn’t tell you more about it in today’s article, it’s a whole subject, but maybe another day!

Thank you for reading, I hope you have understood the importance of the existence of such a protocol within our blockchain and that despite the misuse, we absolutely need it.

One last thing

Something I’m extremely proud of, is that I’ve found a community that doesn’t mind reading and sharing my very long articles, often moving away from the initial topics to better understand them.

I feel like we are achieving something very complicated in our day: pushing a whole community not to be satisfied with easy content, and to go beyond the surface of these kinds of topics, which are very important to understand in depth. That makes me extremely proud of the special relationship we are building together little by little.

xFoudres
@xFoudres

On-Chain Analyst with some dev notion | I (try to) write my Thread in English to help everyone in the crypto twitter space
