Bringing the Fun back to Fungibility

Published 2018-03-26:
https://www.dashforcenews.com/bringing-the-fun-back-to-fungibility/

Dash and other cryptocurrencies used in day-to-day transactions were originally thought to be fairly “anonymous.” Now, the phrase most often used is “pseudonymous”, while at the same time the blockchain is described as “transparent.” To add to this confusion, there are also these “privacy” or “privacy-centric” coins, of which Dash, Monero, and Zcash are often called out as representative. So, what the heck does all this mean? How does this compare to the world of fiat? And what might this mean for regulation in the future?

It’s all a bit complicated, but I will try to lay out the high-level concepts for the layman. Please note, I will try to be as accurate as possible. If I get anything wrong, I will update the article accordingly.


Transactions, wallets, blockchains, and databases

Dash and other leading cryptocurrencies (Bitcoin, Litecoin, etc.) all have similar properties and functionality when it comes to transacting and tracking ownership of value. In a nutshell, they all maintain a persistent, decentralized ledger of what cryptocurrencies call “outputs”. You can think of an output as the result of a transaction in the form of some unit of value. Also maintained is the cryptographic tie —called a private key— between a person and their permission to spend an output from a previous transaction. As people transact, they essentially exchange control of their ability to spend those outputs. Put another way, a wallet doesn’t really “contain” Dash. A wallet maintains that private key for the user. If you tally up the values of all the outputs controlled by that private key, you have figured out the “balance” of your wallet. This is why people sometimes like to say that a cryptocurrency wallet is more akin to a keyring than a wallet.

When it comes to fiat, your typical leather wallet actually contains or holds paper currency. But when you take the time to think about it, each fiat paper bill is really just an abstraction for the value that is printed on it, and that value represents the result of some previous transaction (an output, if you will). Your possession of that dollar in your wallet is your “control” of it. Cryptocurrencies use math to govern that control. Fiat paper money uses a physical wallet to do the same.

A fiat bank account, on the other hand, is modeled a bit differently. Your private key (a username and password, or ID and bank account number) maintains control of a database entry that holds a number that represents a monetary value. What maintains the accuracy of that value is your ability to prove how the value was generated (receipts, bank statements), the regulators that oversee the banks (they have their own receipts and statements), and laws and courts to act as arbitrators in case of dispute. Laws, courts, statements, and receipts. That’s all that really keeps a database entry from being changed by anyone that has access to it. Cryptocurrencies replace all that with the blockchain, your wallet’s private key, and the math that weaves it all together.

Dash therefore is a lot like cash (digital cash), as its name suggests, but it also shares many properties with the automation provided by the modern banking system, online payment services, and credit card processors.

Crypto is monetary science to fiat’s faith-based operating model. Thoughts and prayers indeed.

But what about …privacy?

Privacy vs. Confidentiality vs. …

No single term is all-encompassing when it comes to how a piece of information is securely maintained. When someone asks “Well, is it private?” I often respond with, “Private from whom? And which element of the information? Which element of the transaction or storage?”

Example scenario: Fiat cash

If I have $10 USD in my wallet, pretty much only I know about it. If I use it to pay for something, now two people know the value transacted, but maybe not the identities of either party (private and confidential). If one of the parties recorded it though, the value and probably the item exchanged were recorded. Therefore, an auditor may now have access to that information. The public though does not (confidential, but not private) unless it becomes part of a publicly disclosed document.

Person to person: Private. Ambiguous identities.
Recorded or touches an end-banking system: Confidential (not private). Ambiguous source identity.

Example scenario: Fiat bank account

Same scenario, but I have $10 USD in my bank account. No matter how I use that $10, it is recorded, stamped, blessed, baptized… by the banking system. Your money is in custodial trust. Since your bank has to abide by KYC/AML rules and regs, they know exactly who you are and can even dig up past banking behavior and transactions. BUT! The public still does not have ready access to this information. It’s not terribly secure information, but it is confidential. Only you, your bank, credit agencies perhaps, and the government depending on jurisdiction, have access to your bank transaction records.

Confidential (not private). Known identities.

Example scenario: Cryptocurrencies (used in the normal sense)

If I have 10 dash in my wallet and transact with another party, it is recorded on the blockchain, fully open and auditable by the public. The identifiers are public keys, but who has control of those keys is ambiguous. Much like the fiat cash scenario, the other party may be a merchant who records it and associates it with a regulated bank-like service (certain exchanges, or even someday perhaps traditional banks). Forensic auditors need access to the wallets or need the ownership information associated with the keys in order to piece together an identity. Once they do that, all ties to all transactions associated with the people involved become transparent. Additionally, auditors can introspect the path of transactional outputs and perhaps glean some clue to the identity of the payer.

Person to person: Publicly auditable transaction, but confidential due to the ambiguity of identity.
Recorded or touches an end-banking system: Publicly auditable transaction, but still fairly confidential due to publicly ambiguous identities.

Example scenario: Cryptocurrencies on an exchange

A Dash account on an exchange will often have some identifiers associated with the person making a transaction. Anything from an IP address, to an email address, to full-on KYC/AML compliance information. Exchanges may be far less secure than a typical local wallet, but some exchanges can retain some confidentiality. Additionally, depending on how they manage addresses, an exchange may even be more confidential because the public information on the blockchain may only involve exchange controlled keys. Government auditors though will likely have significantly more identifying information available.

It depends on the exchange, but they can achieve varying degrees of confidentiality with probably little privacy. All transactions are publicly auditable, but association to a wallet may be a challenge.

Example scenario: Cryptocurrencies leveraging privacy-enhancing features

This is a big topic that I will only be able to touch upon, but varying levels of privacy from fungibility to full anonymity can be achieved using specialized cryptocurrencies, or features within otherwise general-purpose cryptocurrencies like Dash. This discussion will consume the remainder of this article.

Traceability and Fungibility

One interesting aspect of the blockchain is that each value in a transaction is tied to a value in a previous transaction (a chain). The output (result) of one transaction becomes an input to another. This is both a blessing and a curse. My 10 dash has a history! Someone else had control of that dash, as did someone before them. If some auditor takes exception to how that dash was used somewhere along the path, my use could be associated with a context that taints my intent in the eyes of that auditor. I.e., the coin loses some of its fungibility.

Similarly, the fiat cash in my wallet may have been used for nefarious purposes. But the likelihood that anyone has been tracking the serial numbers on each bill as it moved from one person to the next is vanishingly small. With a bank account, money is “dirtied” more by human or organizational associations. I.e., Roger bought cocaine from Jerry. Jerry bought Starbucks coffee with the proceeds. And I supply Starbucks with paper cups.

Fungibility is therefore really a matter of degree of separation and interpretation by an auditor. Starbucks could argue that it doesn’t really have a relationship with Jerry and therefore the funds don’t have a strong drug money taint. I, the cup supplier, have even less of a relationship. The same holds true for cryptocurrencies. If someone used Dash the same way they used dollars, the court case would be strong that my Dash was still fungible. The difference, though, is that my Dash effectively has a serial number that is easily traceable. If a government is oppressive, it has the ability to use that traceability property however it likes.

Transparency and Obscurity: Privacy, Confidentiality, Anonymity…

A number of cryptocurrencies have additional privacy features. Or as is often hedged, “privacy-centric” features. Of course, there are also more manual methods to make just about any transaction as private, confidential, and therefore fungible as you like. This is true even for fiat currencies. But it is all about how much work you want to do.

As mentioned previously, I take confidential to mean that a transaction is difficult or impossible for an auditor to make heads or tails of given only public information. Private implies that auditors with more direct or sophisticated access still can’t link the results of one transaction to previous transactions (fungible), or perhaps even associate follow-on transaction results with this one. Private can also imply additional layers of obscurity like being able to hide the addresses themselves (increased anonymity) and even the values that were transacted. The security of the privacy protocol can also be judged by how much a break may impact previous transactional history. I.e., if I unravel this transaction somehow, does that unravel all the past transactions? Any discussion of security and privacy can become a rabbit-hole of a topic. I will try to keep this discussion as simple as possible.

Some cryptocurrencies have optional privacy-enhancing features: Dash and Zcash, for example. Others are always-on: Monero, for example. There are also privacy-oriented external services available. Users can also take obscuring actions (with mixed results) like using a service to convert one currency to another, and then to another, or simply sending remainder currency to a new wallet and abandoning the old.

Dash has a built-in privacy-enhancing feature branded PrivateSend. What it does is break the certainty of the past history of your funds so that those funds become truly “fungible”. And if the person you send funds to also leverages this feature, the traceability is further obscured. Truly fungible. There is a transaction on the blockchain, but how much information an auditor can glean from it is minimal.

It all comes back to ease-of-use. Technical debt abounds!

But privacy is not free. Cryptocurrencies already have ease-of-use issues. Leveraging privacy-enhancing features is even more challenging. Additionally, there are some other attributes associated with these features that may give you pause. For example, using these features often results in a slower, more expensive process. Additionally, if the algorithm used is buggy or is eventually cracked, your years of supposedly private past transactions may be unraveled and made auditable.

Dash PrivateSend is fairly robust for introducing fungibility to the system. It does this by leveraging the Dash Masternodes (special nodes) on the network to mix inputs from a number of other participants to obfuscate their origins. It is akin to you and your buddies all tossing your money onto a table, mixing it all up, and then each randomly pulling out the same amount you tossed in. The tie to past history is broken, and linking one unit of value (an output) directly to you becomes an exercise in statistical uncertainty. It’s really a relatively low-cost mechanism that isn’t so dependent on cryptography per se, which has its advantages.
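The coin history from the Traceability section and the table-mixing analogy just above, as an added Python example (not code from the original article or from the Dash project): a toy ledger of constructed transactions in which Jerry’s coin reaches the cup supplier along a fully traceable chain and then passes through equal-denomination mixing rounds, after which an auditor’s attribution of the coin to Jerry drops from 1 to 1/3 to 1/9. The proportional attribution model, the participant names, and the no-change check (the property the “Dead Change” forum reference describes) are assumptions of the example, not Dash’s actual mixing algorithm.

```python
"""Toy UTXO ledger: an output's history is fully traceable along the chain,
and an equal-denomination mixing round (the idea behind PrivateSend) turns
that certain link into a 1/n probability. All data below is constructed."""
from collections import defaultdict

# inputs: (txid, vout) references to earlier outputs; outputs: (owner, amount).
# Owner labels are for the reader only; a chain auditor sees keys, not names.
LEDGER = {
    "cb_jerry": {"inputs": [], "outputs": [("jerry", 10.0)]},
    "cb_alice": {"inputs": [], "outputs": [("alice", 10.0)]},
    "cb_bob":   {"inputs": [], "outputs": [("bob", 10.0)]},
    "cb_carol": {"inputs": [], "outputs": [("carol", 10.0)]},
    "cb_dave":  {"inputs": [], "outputs": [("dave", 10.0)]},
    # Jerry pays Starbucks, Starbucks pays the cup supplier: a straight chain.
    "t_coffee": {"inputs": [("cb_jerry", 0)], "outputs": [("starbucks", 10.0)]},
    "t_cups":   {"inputs": [("t_coffee", 0)], "outputs": [("supplier", 10.0)]},
    # Round 1: the supplier, Alice and Bob each put in one 10.0 output and each
    # take back one 10.0 output at a fresh key. No change is returned.
    "t_mix1": {"inputs": [("t_cups", 0), ("cb_alice", 0), ("cb_bob", 0)],
               "outputs": [("fresh1", 10.0), ("fresh2", 10.0), ("fresh3", 10.0)]},
    # Round 2: one of those fresh outputs is mixed again with Carol and Dave.
    "t_mix2": {"inputs": [("t_mix1", 0), ("cb_carol", 0), ("cb_dave", 0)],
               "outputs": [("fresh4", 10.0), ("fresh5", 10.0), ("fresh6", 10.0)]},
}

def output_value(ledger, ref):
    txid, vout = ref
    return ledger[txid]["outputs"][vout][1]

def is_mix_round(ledger, txid, denomination):
    """A well-formed round: more than one participant, every input and every
    output equal to the denomination, and no change output (change would tie
    one output straight back to its payer)."""
    tx = ledger[txid]
    ins = [output_value(ledger, r) for r in tx["inputs"]]
    outs = [amt for _, amt in tx["outputs"]]
    return len(ins) > 1 and len(ins) == len(outs) and all(v == denomination for v in ins + outs)

def origin_distribution(ledger, ref):
    """Probability that the value in `ref` descends from each coinbase output.
    Proportional model (an assumption): an output inherits from each input in
    proportion to the input's value, so n equal inputs yield exactly 1/n each."""
    txid, _ = ref
    tx = ledger[txid]
    if not tx["inputs"]:
        return {ref: 1.0}            # freshly created coins are their own origin
    total = sum(output_value(ledger, r) for r in tx["inputs"])
    dist = defaultdict(float)
    for r in tx["inputs"]:
        weight = output_value(ledger, r) / total
        for origin, p in origin_distribution(ledger, r).items():
            dist[origin] += weight * p
    return dict(dist)

def taint(ledger, ref, flagged_origins):
    """Share of `ref`'s value an auditor would attribute to flagged origins."""
    return sum(p for o, p in origin_distribution(ledger, ref).items() if o in flagged_origins)

if __name__ == "__main__":
    jerry = {("cb_jerry", 0)}
    for ref in [("t_cups", 0), ("t_mix1", 0), ("t_mix2", 0)]:
        print(ref, "attributed to Jerry:", round(taint(LEDGER, ref, jerry), 4),
              "candidate origins:", len(origin_distribution(LEDGER, ref)))
```

The same attribution drops to 1/n² after two rounds only because the second round’s other participants are themselves untainted; mixing with already-mixed outputs, as happens on a real network, spreads the candidate set further still.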

The downsides to PrivateSend are that it can currently only be performed using a full-node wallet, it involves slow pre-transaction prep-work, and, depending on how you use the funds over time, you may exhaust pre-mixed funds that closely match the transaction you are trying to perform. I don’t want to get into too much detail, but that could mean some transactions are either rather expensive, or they will be delayed because you have to go through another round of pre-mixing before sending out your next transactions. Additionally, the default settings for PrivateSend are a bit light on the thoroughness of mixing, which can leave your transactions susceptible to certain forms of attack using sophisticated statistical analysis. Finally, PrivateSend is also dependent on the availability of other participants on the network when funds are mixed. Bottom line: Dash PrivateSend is not yet “easy to use”, and the defaults could give you a somewhat false sense of security if you become a target for a very motivated auditor.

Dash PrivateSend’s defaults can be improved. That’s an easy fix (or at least appears to be for this author), but improving the user experience will take some effort. As part of the Dash Evolution efforts, there has been some discussion about improving the ease-of-use, efficacy, and security of Dash PrivateSend. Whether and where any of that lands on a committed roadmap depends on a lot of factors, but I don’t believe any improvements in this area are a priority for the moment. For now, Dash PrivateSend remains a difficult-to-use but well-respected fungibility-enhancing feature, which ensures it will remain used for only the purported 1% to 5% of transactions.

Privacy under fire

Nation states are becoming increasingly hostile to the financial privacy of their citizens and residents. Governments are all beginning to entertain the idea of ending physical cash. There are a number of reasons for this, but it all boils down to traceability and control. If all money were digital fiat, the thinking is that governments would have an improved ability to audit usage and therefore monitor for tax avoidance, money laundering, and other unsanctioned activities. They would also be able to, for good or for ill, make more influential central banking decisions.

For example, India has banned some of its larger cash denominations. Other countries are considering this. The USA has proposed removing the 100 USD bill from circulation. And a number of countries have put a ceiling on the allowable size of cash transactions. And in almost all countries, if your transaction is greater than some arbitrary value, additional scrutiny will be brought to bear. In the United States, this is generally true for transactions greater than $10,000.

Cryptocurrencies were undoubtedly an unwelcome curveball to central banking regulators. Just when they thought they could finally get almost all financial activity completely within their control, permissionless, trustless, censorship-resistant digital cash became a reality. Cooler bureaucratic heads understand how empowering and beneficial cryptocurrencies can be and are open to the idea of a currency or currencies that are not fully under their control, but they often get antsy when those currencies leverage privacy features or if identities remain unclear.

Privacy-enhancing currencies in particular are increasingly coming under scrutiny. Most recently, Japan published a whitelist of approved currencies and forced Japanese exchanges to adhere to it or lose their license to conduct business. It was notable that currencies that enhance privacy didn’t make the list. This author will be curious to see what happens when even Bitcoin has incorporated privacy-enhancing technologies (MAST and Schnorr signatures, etc.).

So, where to go from here?

Regardless of whether state regulators like it or not, the ease-of-use and technical improvement of privacy-enhancing features are going to progress. The challenge will be whether those same regulators can bring themselves to avoid marginalizing innovative projects despite their trepidations. Keeping the Fun in Fungibility! In the end, cash’s role in society will continue to be replaced with digital money, but that money will increasingly be cryptocurrencies such as Dash — cryptocurrencies that offer a wide range of transactional transparency: from fully public, to confidential, to private.



References

…all links last accessed March 25, 2018…

Arellanes, Albert. 2017. “Dash PrivateSend Basics.” YouTube Video, 8:36. October 20, 2017. https://www.youtube.com/watch?v=bOEYHcEBeWA.

Biddle, Sam. 2018. “The NSA Worked to ‘Track Down’ Bitcoin Users, Snowden Documents Reveal.” The Intercept. First Look Media. https://theintercept.com/2018/03/20/the-nsa-worked-to-track-down-bitcoin-users-snowden-documents-reveal/.

Dash - Digital Cash. 2018. “Evolution Demo #1 - The First Dash DAP.” YouTube Video, 24:31. March 16, 2018. https://www.youtube.com/watch?v=gbjYhZT2Ulc.

The Dash Network. 2017. “Dash Evolution.” https://www.dash.org/evolution/.

The Dash Network. 2018. “PrivateSend.” Official Documentation. https://dashpay.atlassian.net/wiki/spaces/DOC/pages/1146924/PrivateSend.

Dash Project. 2018. “PrivateSend.” Developer Documentation. https://dash-docs.github.io/en/glossary/privatesend.

⸻. 2018. “Developer Guide: PrivateSend.” Developer Documentation. https://dash-docs.github.io/en/developer-guide#privatesend.

⸻. 2018. “Developer Reference: PrivateSend Messages.” Developer Documentation. https://dash-docs.github.io/en/developer-reference#privatesend-messages.

Forum thread commenters. 2014. “Dead Change - an anonymity issue.” Dash Forum. Dash.org. https://www.dash.org/forum/threads/dead-change-an-anonymity-issue.3019/. An interesting discussion about the tail end of a transaction process (returned change) and how that can affect anonymity. For this reason, PrivateSend now rounds up to the nearest available denomination in your wallet and does not send back change. This forum thread also briefly discusses stealth addresses and other topics.

Greenberg, Andy. 2018. “The Dark Web’s Favorite Currency Is Less Untraceable Than It Seems.” Wired. https://www.wired.com/story/monero-privacy/. —Note: citation added after original publication date.

Harding, David A. 2017. “What is a Bitcoin Merklized Abstract Syntax Tree (MAST)?.” Bitcoin Tech Talk. Medium.com. https://bitcointechtalk.com/what-is-a-bitcoin-merklized-abstract-syntax-tree-mast-33fdf2da5e2f.

Johnson, Amanda B., and Mark Mason. 2017. “How Dash’s ‘PrivateSend’ Works Under the Hood.” Dash Force News. https://www.dashforcenews.com/dashs-privatesend-works-hood/.

Nambiampurath, Rahul. 2018. “Schnorr Signatures Make Bitcoin more Efficient.” BTCManager. https://btcmanager.com/schnorr-signatures-make-bitcoin-efficient/.

Valenzuela, Joël. 2017. “BlockSci Paper Highlights Blockchain Traceability Issues, Potential Future Risks for Dash.” Dash Force News. https://www.dashforcenews.com/blocksci-paper-highlights-blockchain-traceability-issues-potential-future-risks-dash/.

⸻. 2017. “Introducing Dash #MixingMondays!” Dash Force News. https://www.dashforcenews.com/introducing-dash-mixingmondays/.

Wikipedia contributors. 2018. “Fungibility.” Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Fungibility.

Wikipedia contributors. 2018. “Information-theoretic security.” Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Information-theoretic_security.

Wikipedia contributors. 2018. “Technical debt.” Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Technical_debt.

Zhao, Wolfie. 2018. “Edward Snowden: Public Ledger Is Bitcoin’s Big Flaw.” CoinDesk. https://www.coindesk.com/edward-snowden-public-ledger-is-bitcoins-big-flaw/. Snowden quote: “the much larger structural flaw, the long-lasting flaw, is its public ledger.”
—See also (added after original publication date): https://www.dashforcenews.com/edward-snowden-does-not-think-bitcoin-will-last-forever/.

Zuckerman, Molly Jane. 2018. “Hacked Exchange Coincheck Drops Three Anonymity-Focused Coins After FSA Inspection.” CoinTelegraph. https://cointelegraph.com/news/hacked-exchange-coincheck-drops-three-anonymity-focused-coins-after-fsa-inspection.


About the author

Todd Warner
Lives on a farm. Plays with computers. —of the agrarian digerati.
t0dd @ Dash Nation | toddwarner @ keybase