Bitcoin.com recently got together with Bitcoin developer Daniel Krawisz to discuss his new creation Shufflepuff — a coin tumbling tool, which tested its first transaction on August 15. But while Krawisz, a well-known writer and founder of the Satoshi Nakamoto Institute, is a strong proponent of cryptocurrency privacy, he would never support Altcoins such as Dash, or Monero as he believes all altcoins are basically snake oil.
Krawisz has been working on Shufflepuff for over a year now and has kept me up-to-date with its progression since its inception. The developer has also been working with the Mycelium team, and the project is being implemented into the company’s wallet interface in the future. Krawisz chatted with me about the platform’s first transaction and why he believes privacy is an important aspect within the Bitcoin space. The project is all open-source, and he hopes that other wallet software programmers will also implement his new tumbling application.
A Bitcoin investor should want to support black or gray market use cases in order to keep Bitcoin relevant.
Shufflepuff Anonymizes Transactions to Protect Bitcoin Privacy
Bitcoin.com (BC): Can you tell us why you feel there is a need for privacy applications in the Bitcoin space?
Daniel Krawisz (DK): The Blockchain is permanent and public, so people should really be concerned about the information they leave in there because it can never be taken back. It’s really important not to be careless.
Furthermore, from a practical standpoint, most of the commerce that depends upon Bitcoin is in the black or gray markets. A Bitcoin investor should want to support black or gray market use cases in order to keep Bitcoin relevant.
BC: What’s up with the name Shufflepuff?
DK: Shufflepuff is a pun on Hufflepuff, the Hogwarts house, whose mascot is an anarcho-capitalist badger. I wanted to rebrand anonymity as something cute and cuddly. Eugene Siegel, someone I was working with at Mycelium, came up with it. Shufflepuff is a wizard honey badger.
BC: What is your overall goal with this project?
DK: I want an accessible tool that I could use to protect my own investments better!
I think that there are some fallacies about anonymity that have led people to have some unrealistic expectations about it, and that’s one of the reasons anonymity is hard to come by today. I wanted to make something that will teach people about what I think anonymity is and maybe that will make things will work better in the future.
Anonymity is hard to come by today.
BC: What are some of these fallacies?
DK: Fallacy: Anonymity can be provided as a service by a company.
Reality: Anonymity is inherently about hiding in a crowd. If there is no crowd, then there can be no anonymity. It is better to think of anonymity as a service provided by the members of a private club to themselves. The club organizers can provide related services, but the real benefit of an exclusive club is access to the other members. A good anonymity service can at best ensure that it helps to assemble a good crowd, but cannot on its own provide anonymity to anybody.
Therefore, if you want anonymity, you have to expect to play both the role of a customer and a service provider at the same time. In Bitcoin, this matters because once you have an anonymized output produced by a join transaction, you can do things with it that ruin your own anonymity and reduce the anonymity of the other people involved in it. For example, you can merge the output with another output you control. A good anonymity service in Bitcoin will provide some assurance that the people making a join transaction are competent enough not to do something like that.
[I]f you want anonymity, you have to expect to play both the role of a customer and a service provider at the same time.
This is not a huge level of responsibility, but it is important to understand that the join transaction on its own is not enough to provide anonymity. People need to maintain that anonymity afterwords.
Fallacy: You can hide among everybody rather than a select group.
Reality: Anonymity typically requires every participant to follow a protocol correctly or else they don’t form a good crowd to hide in. A better model for an anonymity service is that there is a crowd of people which provides anonymity, and it is publicly known who is in this crowd. When the crowd begins its anonymity protocol, it is impossible to know who among them has performed which action.
For a big enough crowd, there are probably enough responsible people that you don’t need to check on everybody or reject people who will not be anonymous. This is how Tor works. There are so many people using it that the concerns I’m discussing here just aren’t very important. However, join transactions in Bitcoin will involve a relatively small number of people, so it’s more important to ensure that everyone involved is responsible.
Today, there is a stigma against anonymity, so people may not want to reveal the fact that they have ever been part of an anonymous crowd or that they have any intention of doing so. In addition to securing anonymity, it is important to fight the stigma. Everyone would want anonymity under some circumstances, and it should not be seen as something wrong or inherently suspicious.
Fallacy: You can be anonymous with people who are not invested in anonymity.
Reality: What this means is that you shouldn’t expect to get anonymity from random people. You should get anonymity from people that you can check out to make sure they will do a good job providing it. And you should expect them to check you out the same way since you will also be acting as an anonymity service provider! In particular, you cannot expect to just meet random people over Tor who provide you with no information about themselves and make a join transaction that will continue to protect your anonymity over time.
You need to have evidence that the people you will join with will be responsible in the future. There are two ways you could do this. One would be by showing evidence of successfully maintaining anonymity in the past. If they have a history of join transactions that they can show you, and you can’t de-anonymize them, then they are probably good people to work with. There is an apparent paradox here because, in order to be anonymous, you want to find people who have a reputation for being good at anonymity, and you want to develop such a reputation yourself in order to have access to these people. But the whole concept of a reputation is impossible if you are anonymous. The paradox is resolved when you accept that it is neither possible nor desirable to be anonymous all the time. You need to choose when to be anonymous and when to have a reputation.
You need to choose when to be anonymous and when to have a reputation.
The other possible way is to use the handicap principle and to require everyone to burn coins or show proof-of-work before the join can take place. Someone who is provably invested is more likely to be someone who actually wants anonymity rather than just a troll. (A reputation can be considered a kind of handicap, so you could say that the handicap principle is the only answer.)
One of the ways that CoinShuffle is an upgrade over CoinJoin, incidentally, is that a player who does not follow the protocol correctly can be identified after the protocol fails. This feature is useless for a set of players that aren’t invested already because if they aren’t, then exclusion meas nothing. If they have a reputation or some other kind of investment to lose, then you want to be able to identify them.
BC: How did you get involved with working with Mycelium using CoinShuffle?
DK: Mycelium is well-known for supporting privacy with their wallet. When I started working for them, they were interested in supporting a means for their users to create join transactions. We looked into JoinMarket, but I didn’t think JoinMarket was ready to be provided to end users. Tim Ruffing’s paper on CoinShuffle had come out recently, and we looked at that, and I thought that it would be a good foundation for an anonymity service.
You need to use every trick in the book to protect your anonymity.
BC: What didn’t you like about JoinMarket?
DK: JoinMarket is actually a market for liquidity in join transactions, not a market for anonymity. The idea of JoinMarket is that you (the taker) pay someone else (the maker) to engage in a join transaction with you for a given amount of coins. You are paying to get a join transaction sooner rather than later. That is not the same thing as paying for anonymity.
If I were going to pay a market maker to make a join transaction with me, I would want to ensure that he is also going to provide anonymity. In order to do this, I would want him to be able to prove to me that he has engaged in join transactions in the past which I cannot de-anonymize. This is really the only way for me to ensure that I’m getting anonymity is to look at a person’s portfolio to see that they have successfully provided anonymity in the past. JoinMarket does not yet provide functionality like this. I think it makes more sense to worry about anonymity first before worrying about liquidity.
The JoinMarket team seems really serious about coming up with something useful, and it’s only in version 0.2.0 right now, so I hope that I will be very enthused about JoinMarket in the future.
BC: What are your plans for future developments for Shufflepuff?
DK: Right now Shufflepuff isn’t much more than the CoinShuffle protocol, and it is entirely up to the user to schedule joins and find people to join with.
The first thing I’d like to do is to make it easier for someone to someone to set up a join transaction with other people he knows. The way this will work is that one instance of Shufflepuff will act as a host and collect IP addresses (or other contact information) from other instances of the program as they connect and sign up for the join. Once everyone has signed up, then they will all connect to one another and run the protocol.
I would also like to provide a simple wallet that helps to prevent people from ruining their own anonymity. Standard wallets do not have the built-in capability to ensure that a user does not merge outputs irresponsibly. This wallet will generate change addresses for spending but not receive addresses, and it will not merge an anonymized output with an output that is not anonymized or one that was anonymized with a different join transaction. Once you have run low on money, you give the remaining funds to the miner or run them through a traditional mixer. Until this capability is built in, Shufflepuff is best used to secure your investment rather than for buying stuff on the dark market, unless you know what you’re doing.
— Shufflepuff (@CoinShuffle) August 15, 2016
I think that a good service would be something like a server that scheduled join transactions for standard amounts to take place at regular times. You could sign up to engage in one of the join transactions, and the server would enable you to contact the other people to make the join transaction at the appointed time. The server could also exclude people who were irresponsible with their anonymity in the past. I know that some people around here react with horror at the word “server,” but the most important thing is to be private in the blockchain. It’s way more important to have privacy there than anywhere else. Furthermore, this server doesn’t have to know anything about you other than a pseudonymous identity and its history of past join transactions.
Shufflepuff is best used to secure your investment rather than for buying stuff on the dark market, unless you know what you’re doing.
It would be nice to create compatible CoinShuffle implementations in other languages besides Java so that other wallets in other languages can interact with one another very easily. Shufflepuff will be mass marketed first as a part of the Mycelium wallet, but it is really a better product in the long run if the user has access to as many other people as possible to join with, not just other Mycelium users.
BC: How does Shufflepuff mechanism remove the need for third-party centralization in typical mixing scenarios?
DK: The big advantages of making a join transaction with a protocol like CoinShuffle over the use of a mixer is that there is no party which can potentially deanonymize you or steal your funds. You can run CoinShuffle with a bunch of other people, and by the end, none of you has risked your funds, and none of you knows who owns what.
However, there are also disadvantages to a join transaction. The biggest one is that everyone who makes the transaction must mix the same amount of coins or it is easy to match inputs with outputs. That’s a very inconvenient restriction! So sometimes you can’t avoid using a traditional mixer. You need to use every trick in the book to protect your anonymity.
Thank you Daniel for speaking with us about Shufflepuff. At Bitcoin.com we are big fans of privacy and we look forward to seeing this project develop.
You can follow Daniel Krawisz on Twitter @DanielKrawisz and Shufflepuff as well @CoinShuffle
What do you think about Shufflepuff? Let us know in the comments below.
Have you been to Bitcoin.com’s store? We have the coolest Bitcoin swag on the planet from t-shirts, to artwork, hardware wallets, and mining accessories. You should also check out our forum where you can discuss the latest trends in the Bitcoin universe. Check em’ both out today!