Is anonymity necessary for fungibility?


Introduction

I read a fascinating Coindesk article today by David Vorick who is a Bitcoin Core developer:

Ensuring Bitcoin Fungibility in 2017 (And Beyond).

Whilst I have previously understood the need for some people requiring anonymity in cryptocurrency transactions it never really made sense to me for the average user until now.


Fungibility or lack of it as a problem

According to Wikipedia fungibility is:

the property of a good or a commodity whose individual units are capable of mutual substitution

That is, it is the property of essences or goods which are "capable of being substituted in place of one another."[1] For example, since one ounce of pure gold is equivalent to any other ounce of pure gold, gold is fungible.

One of the central points that Vorick makes is that anonymity is a means of securing fungibility:

For example, it's common for exchanges and merchants to discriminate between bitcoins based on the owner or their history. An example is that exchanges will attempt to block bitcoins that have been stolen, especially if the theft was well publicized.

I'm not sure how common this kind of discrimination is right now but it is certainly feasible and we have seen people developing tools to trace and track the origins of bitcoin transactions.

Law enforcement authorities already exercise strong controls on fiat money transfers and banking from certain people who they consider undesirable.

There is no reason to think that they will not start pushing this with cryptocurrencies like bitcoin.

This could result in a two-tier market where there are clean and dirty bitcoins.

Dirty bitcoins would be less valuable. Hence they would lose fungibility.

This doesn't just affect those who are taking part in crime - it could also mean that legitimate businesses or individuals unknowingly receive such coins and end up with something of lesser value.

That not only affects those who are directly involved but it could also affect the overall value of bitcoin.

Centralisation

A further point that Vorick makes is that it could result in a degree of centralisation of the system because:
  1. Governments and exchanges can control the free movement of certain bitcoins.
  2. It might create a situation where people use services that analyse their bitcoins to determine if they are clean or dirty - such a service would be a central point of attack for anyone wishing to harm bitcoin.

Is anonymity/lack of tracing a necessity for fungibility?

I think Vorick makes a compelling case for this.

The ability to trace coins essentially enables governments and law enforcement agencies to exercise indirect control over transactions and currency movement.

They use various laws and regulations to do this with the conventional fiat money supply. If you do anything the government don't like they can freeze your accounts and confiscate your money.

Whilst they can't necessarily freeze or confiscate your bitcoin - they could in theory prevent other people from accepting them.

If you can't exchange them or make purchases with them they lose their value.

The cash "problem"

I think it is also important to think of how governments worldwide are trying to eliminate cash. Whilst cash is not immune to being tracked, marked or traced it is a lot more intensive in terms of time and cost to do so.

This essentially makes it a virtually anonymous means of transferring value since it is almost impossible to track every transaction.

People like cash and trying to get rid of it is not a popular move. It also disproportionately punishes those who are very poor.

Look at the recent elimination of certain denominations of currency in India. It may literally have caused deaths for those who were unable to pay for medication, hospital treatment and the basic necessities of life.

It was still forced through.

I think in view of this it would be unrealistic to expect that governments will not aggressively pursue identification strategies for cryptocurrencies.


Possible Solutions

  1. Vorick discusses the forthcoming Lightning Network as being a potential solution for bitcoin - whether it is or not remains to be seen. It is not even 100% certain that it will be implemented.
  2. Tumbling services - basically you mix up your coins with others - current services have issues with privacy and the risk of users getting scammed. He describes a new allegedly safer service called "Tumblebit" which may solve some of these issues when it launches in 2017.
  3. ZCash uses something called zkSnarks to achieve anonymity and fungibility - not being a cryptographer I don't really understand this fully. What I do know is that there is debate over the security of this within the cryptocurrency community as a whole and even some of those who are involved in ZCash.
  4. Monero mixes all transactions by default and will be undergoing upgrades in 2017 to further secure this. Having used it myself this is the system I'm most familiar with. The recent release of a GUI wallet might help to bring it into the mainstream.

I think as time proceeds anonymity will become more and more important for free transactions and true decentralisation. I can even envision Bitcoin getting left behind and becoming secondary to other cryptocurrencies like Monero if it does not tackle this.

We have already seen a switch in Dark Markets using things like Monero and now considering ZCash.

We may think we are safe because we are "not doing anything illegal".

I don't think we can assume that though. We have seen how governments can over-reach and how their definition of who is desirable and undesirable changes with time.

They are also prone to making mistakes.


Are we safe from this issue with Steem?

One of the things with Steem is that it is very easy to trace every transaction. Right now with Steemit being the main app it may appear that anonymity is unwanted or not required.

That may not always be the case though.

With the recent "Fake News" situation we have seen both official and unofficial attempts at censorship. The blockchain itself cannot be censored but a future government may try to silence people indirectly by marking their money (in this case Steem/SBD) as dirty.

Is this possible? I would be grateful if someone who understands the technicalities of Steem better than me could comment on it. Further, is it feasible (or even desirable) to have some sort of coin mixing type system with Steem?

I assume it would need to be combined with some means of having disposable and anonymised addresses that would still be able to send money to your Steem wallet. I don't think that is possible though - please correct me if I'm wrong.

Perhaps a better way of doing it would be to have a decentralised exchange which does not discriminate and automatically mixes coins up during transactions?

Conclusion

It seems to me that governments will do anything they can to exert control over cryptocurrencies like Bitcoin in the same way that they do over fiat money (particularly in its electronic forms).

They are already trying to get rid of cash in an attempt to close that loophole. We must assume they will use any kind of means at their disposal to compromise cryptocurrencies in the same way.

They may not be able to block them directly but they might use the fungibility issue as a means of attack and trace-ability could be the tool that enables them to do that.

Please let me know what you think. Many of you will have much greater knowledge and expertise in this field and I would be grateful for your informed opinions.

Also apologies for any errors or misunderstandings I may have made in this post. I find this issue fascinating but it is something I am still learning about.


Thank you for reading.


If you like my work please follow me and check out my blog - @thecryptofiend



All uncredited photos are taken from my personal Thinkstock Photography account. More information can be provided on request.



Even though all balances on steem are public, Steem works very differently from Bitcoin. In particular, all balances in one account are automatically "merged" which means that all it would take to "taint" an entire exchange's balance is to send them some notional amount from a tainted user account.

For a small price someone could 'taint' everyone's balance. This means that each account would have to have its own metric of taint and that a consensus would have to be reached on whether tainted coins are "first spent" or "last spent" or whether each balance has a different fractional taint.

In practice it is not easy to apply taint to individual lots of STEEM like you can with bitcoin.

Bitcoin faces a real problem with censorship of transactions which causes the taint. This happens due to centralization of mining power and pools.

This means that each account would have to have its own metric of taint and that a consensus would have to be reached on whether tainted coins are "first spent" or "last spent" or whether each balance has a different fractional taint.

It would be a fun exercise to play around with various measures of taint and try to understand their implications. For example, the benefit of "first spent" is that anybody could un-taint their account simply by burning away their tainted coins; on the other hand, "first spent" gives the owner of tainted coins the power to immediately taint everybody.

For example, the benefit of "first spent" is that anybody could un-taint their account simply by burning away their tainted coins;

Would that definitely work?

In my thought experiment, certainly! :)

Suppose I have 100 Steem; let's say 99 of them are un-tainted and 1 of them is tainted. "first spent" means the tainted steem sits at the top of my pile, so that if I transfer 1 Steem to you, that single Steem is considered tainted. If I transfer 2 Steem to you, 1 of them is tainted and the other is un-tainted. "first spent" is a convention that specifies how tainted coins move around the network. So if I wanted to transfer 1 un-tainted Steem to you, I'd have to first transfer my 1 tainted Steem to @null, and then all the rest of my Steem would be un-tainted.

So in contrast, "last spent" would mean that if I transfer 99 Steem, they would all be my un-tainted ones. My 1 tainted Steem would stay at the bottom of my stack until I had spent everything else.
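
The three conventions named in the comments above ("first spent", "last spent", fractional taint), worked through as an added example; this is not code from Steem or from any commenter. The `Ledger` class, the account names and the 1,000,000-unit exchange balance are constructed for illustration, and it reproduces the 100-Steem case, the burn to a null account, and the single tainted unit sent to an exchange.

```python
from fractions import Fraction

POLICIES = ("first_spent", "last_spent", "fractional")


class Ledger:
    """Account-model ledger; each merged balance is tracked as [clean, tainted]."""

    def __init__(self, policy):
        if policy not in POLICIES:
            raise ValueError(f"unknown policy: {policy}")
        self.policy = policy
        self.balances = {}  # account name -> [clean, tainted]

    def credit(self, name, clean=0, tainted=0):
        bal = self.balances.setdefault(name, [Fraction(0), Fraction(0)])
        bal[0] += Fraction(clean)
        bal[1] += Fraction(tainted)

    def _split(self, name, amount):
        """Return (clean, tainted) for `amount` units leaving `name`."""
        clean, tainted = self.balances.get(name, (Fraction(0), Fraction(0)))
        if amount <= 0 or amount > clean + tainted:
            raise ValueError("amount must be positive and covered by the balance")
        if self.policy == "first_spent":      # tainted units leave first
            t = min(amount, tainted)
        elif self.policy == "last_spent":     # tainted units leave only after clean ones
            t = max(Fraction(0), amount - clean)
        else:                                 # every unit carries the balance's taint ratio
            t = amount * tainted / (clean + tainted)
        return amount - t, t

    def transfer(self, src, dst, amount):
        c, t = self._split(src, Fraction(amount))
        self.balances[src][0] -= c
        self.balances[src][1] -= t
        self.credit(dst, c, t)
        return c, t

    def taint_fraction(self, name):
        clean, tainted = self.balances.get(name, (Fraction(0), Fraction(0)))
        total = clean + tainted
        return tainted / total if total else Fraction(0)


def thread_example(policy, send):
    """Account from the thread (99 clean + 1 tainted) sends `send` units."""
    ledger = Ledger(policy)
    ledger.credit("alice", clean=99, tainted=1)
    return ledger.transfer("alice", "bob", send)


def burn_one(policy):
    """Same account burns 1 unit to 'null'; returns the taint left behind."""
    ledger = Ledger(policy)
    ledger.credit("alice", clean=99, tainted=1)
    ledger.transfer("alice", "null", 1)
    return ledger.taint_fraction("alice")


def dusted_exchange(policy):
    """Constructed case: 1 tainted unit lands on a 1,000,000-unit exchange balance,
    which then pays 10 units to a customer. Returns (payout split, exchange taint)."""
    ledger = Ledger(policy)
    ledger.credit("exchange", clean=1_000_000)
    ledger.credit("flagged", tainted=1)
    ledger.transfer("flagged", "exchange", 1)
    paid = ledger.transfer("exchange", "customer", 10)
    return paid, ledger.taint_fraction("exchange")


if __name__ == "__main__":
    for p in POLICIES:
        print(p, thread_example(p, 2), burn_one(p), dusted_exchange(p))
```

Under "first spent" the customer's 10-unit withdrawal absorbs the whole tainted unit, while under "fractional" the exchange's taint ratio never changes, which is why the convention has to be agreed before any taint metric means anything.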

Cool. Thanks for explaining:)

You guys mostly lost me.

I was wondering, wouldn't voting un-taint account. Wouldn't it lead to the account owning to be dedutable?

Thank you for explaining:)

Dan, thank you for mentioning. Steem is very public. Could you at some point talk about why everything is so open? Is this an active design decision or is anonymity something you just did not get to tackle?

I don't know if this was his specific reason, but something I've heard him say in the past is that total openness is better than the false appearance of anonymity. True anonymity is difficult and costly, and many attempts to be anonymous do not provide true privacy. For example, the first iteration of Bitshares had transactions that were difficult to link to any account, but it was discovered that transactions' identities could be traced rather easily by analyzing witness voting patterns. Partly for this reason, anonymous transactions were removed in Bitshares 2.0.

I think it is deliberate to be open.

Private transactions were on the original Steem roadmap and there has even been a bit of implementation work, but I have no idea the current status, priorities, or schedule.

Right. We might see something in the roadmap perhaps?

Anonymity is a divisive issue, so I try to see both sides. The benefit of a two-tier market (which need not be enforced by government, mind you) is that it would reduce the incentive for theft. This would be desirable to anybody using bitcoin honestly.

Imagine we had an omniscient bitcoin network which "knew" exactly when a coin was stolen and immediately burned it. Then thieves would experience no personal objective benefit from any theft, ever. The incentive for thievery would only be spite or chaos. It seems fairly clear to me that a world with such an omniscient network would be a better world than the one we live in today.

Obviously, we can't have an omniscient network; we're stuck with the reality that it's difficult to determine which transactions are honest and which are theft. The real question we need to ask is this: what fraction of transactions do we need to be able to correctly classify in order to justify a two-tier bitcoin market? We don't currently know the answer to this question.

Imagine we had an omniscient bitcoin network which "knew" exactly when a coin was stolen and immediately burned it.

I have to agree with @thecryptofiend's later comment that this is arguing from a false premise.

Such a thing doesn't exist and likely can't ever exist.

However, if it did exist, it would restore fungibility because any coins that did continue to exist would all be not stolen and therefore interchangeable!

I maintain that it's a useful thought experiment. We live in a world where we have some information about whether a particular bitcoin balance has been stolen. We have more than no information, and less than full information. The answers in the extreme cases are obvious: if you have no information, don't taint stolen balances; if you have full information, do taint stolen balances. Thus, the decision whether or not to taint stolen balances hinges on the amount of information you have about theft!

What does the decision look like as a function of information? How close to full-information do you need to be for it to be worthwhile to taint balances? I'm certain this is a meaningful question, and it stems from my original (albeit abstract) thought experiment.

Put another way: it's missing the point entirely to say that I was arguing from a false premise. Of course it's a false premise, but it's a premise that is a limiting case of a practical real-world issue.

Maybe. As I commented, both extremes result in fungibility. The middle (imperfect detection of stolen balances, along with both false negatives but perhaps more importantly false positives) does not. That's a big difference.

In many cases, the exact same thing could be said about money and having imperfect information about its history, yet society and the wisdom of the ages has decided that fungibility of money is more important than recognizing prior claims on stolen money, even when it is later known to be stolen (which is very much unlike other property). So this fungibility thing must be pretty important indeed.

Imagine we had an omniscient bitcoin network which "knew" exactly when a coin was stolen and immediately burned it.

There may come a time when we have that. It would no longer be decentralised though.

There may come a time when we have that. It would no longer be decentralised though.

Decentralization is a tool that has nontrivial costs. We must never be so myopic as to believe that decentralization is an end in itself.

The point of the "omniscient" network isn't to propose that we actually build such a thing (this would be impossible); the point is to establish a desirable benchmark that allows us to measure how well our systems are currently working.

I merely brought up the idea to argue that a two-tier market may not be a bad thing in all circumstances. Like decentralization, fungibility has a purpose - there may be settings where we might consider fungibility to be secondary to some other characteristic.

Decentralization is a tool that has nontrivial costs. We must never be so myopic as to believe that decentralization is an end in itself.

Right but there are "nontrivial" costs to centralisation too.

I merely brought up the idea to argue that a two-tier market may not be a bad thing in all circumstances. Like decentralization, fungibility has a purpose - there may be settings where we might consider fungibility to be secondary to some other characteristic.

Perhaps but I can't think of any such circumstances at present.

Perhaps but I can't think of any such circumstances at present.

Do you disagree with my hypothetical omniscient network example? If we could correctly identify every stolen bitcoin the instant it was stolen, wouldn't it be better to burn it right away to remove the incentive to steal? My example is not meant to be realistic, but the existence of even a hypothetical example means that we shouldn't immediately dismiss the possibility of real examples.

Do you disagree with my hypothetical omniscient network example? If we could correctly identify every stolen bitcoin the instant it was stolen, wouldn't it be better to burn it right away to remove the incentive to steal?

That assumes you remove the incentive to steal because you can always detect theft. In the real world you could never do that so it seems like a circular argument to me. I'm not dismissing it I just don't see any situation that is persuasive yet.

Right but there are "nontrivial" costs to centralisation too.

Certainly. A good system needs to balance these competing costs. Steem is vastly more centralized [citation needed] than Bitcoin, but it's also orders of magnitude faster and more capable.

Steem is vastly more centralized [citation needed] than Bitcoin, but it's also orders of magnitude faster and more capable.

That is a matter of interpretation. In some respects Bitcoin may be easier to shut down as Dan suggested in his post a while back:

https://steemit.com/bitcoin/@dantheman/who-really-controls-bitcoin

We are like the pirates of the past. We will always be 5-6 steps ahead.

Yes I hope so:)

I really like your post, thank you for sharing. Also good job on mentioning a couple of other forms of cryptocurrency that have more anon properties. You forgot the most important though, IMHO. DASH in my opinion is the best parts of each platform you reviewed. It has the public nature of bitcoin and the anonymity of monero, but one thing that it has that none of the other competitors has is a solid governance model. Having proper governance is quickly becoming the most important feature to have for a currency of the future...........bitcoin is a perfect example of that. Money talks and when the core developers have no source of income except from large government associated corporations........well, anonymity takes a back seat.

I'm cheering for Dash too!

Lol! I wish they kept the name as DARK sounds so much cooler!

It does sound cool but Dash Cash is catchy too! Some people are afraid of dark things, the uncertainty of the shadows, so I can see why that association could be harmful. Also, if it were still called darkcoin then maybe people would think that the Dark Army from Mr. Robot is making reference to it and then the coin would be at the mercy of the show producers. Then again now the name Daesh is being pushed in relation to terrorism so I'm not sure that's much better :p

Lol. I remember someone launched an ISIS coin just as they were gaining infamy around that title!

Thanks, good point. I think many of us are so used to DASH that it is easy to forget about it. I don't think it is anon by default though is it. I have only used it for regular transactions.

"I don't think it is anon by default though is it" I think that is a feature and not a bug (Although the devs say evolution will be default), since to me choice equals freedom. Bitcoin forces us to be exposed, Monero forces us to be anonymous. Yes we can choose to use one or many different coins (I do), but having a decentralized core development governance is what adds a unique level of anon features for the future.

When I receive DASH, I just run it through the "dark send mixing" and then send them to all the light clients that don't have the feature built in. For me it is "good enough" at this stage of growth......that and run a masternode so I have a vote on where the 10% block reward goes to further bring value into the ecosystem.

Yes I understand what you are saying but there are some issues with not having it on by default - people may forget to use it for example.

Hackers cause the evolution of software like encryption tech, which loops back again to cause the hackers' techniques to evolve. I don't see why it would be any different here. Money, like info, wants to flow as freely as possible, so as institutions clamp down on any form of money, newer, more free versions, will fill the void... I say, let them bring their best "arguments..."

Yes I think you are right - technology and ingenuity can solve these issues.

The controllers just don't understand that freedom is like a force of its own. You can only suppress it so much before it bursts back. I honestly think all their lies and efforts, though painful and cause death, are good for us in the long run, speeding our societal and personal evolution...

What India's govern-cement did to the money, did cause deaths. Reports of suicides because of it.

Anonymity isn't really important for a currency. It is only important because of govern-cements and ass-holes.

Take for instance a girl falsely accusing a guy of being a rapist. And though he has done nothing wrong, he finds himself unwelcome in the town where he grew up. Even though he has cash, many people won't do business with him. (actual story)

And there's still many cyber bullies that love to do things from pranking someone, to doxing someone, to swatting someone. Getting someone's bitcoins placed on the black-list would be trivial.

In the future, super-bitcoin will have ways to trade anonymously and a way to trade with both parties being fully verified and the trade public. Both are necessary for what will be the future of currency.

Good points. I suppose the question is will bitcoin become super-bitcoin or will it be something else?

I do not know if bitcoin will become super-bitcoin.
Bitcoin is being left in the dust by other altcoins. However, once the things are figured out, it is often easy peasy to add them to bitcoin.

Like smart-contracts. First a language will need to be developed, then a user interface to that language. And then a library of useful, well known contracts be created. Then it just becomes natural to use. Until then, it is a mess and the DAO burns your altcoins.

I think the main problem is getting the bitcoin community to agree on making additions.

It is an interesting thought. Governments fear what they can't control.

I am curious though if the international populist movement has affected BTC going up.

Not sure. I think there are a lot of causes for the rise. Globalism seems to have increased pockets of instability which favour bitcoin adoption.

Which is weird because you think globalism would reduce instability.

maybe not; I see the current implementation of globalist policy as based on rent-seeking principles (kickback to politicians and special interests), not on any actual benefit to the populations being subjected to them

creating a situation to profit by instead of building stability is the goal of the globalists

We may think we are safe because we are "not doing anything illegal".

This is the central point, I think.

Some crypto users don't consider anonymity to be a critical point, but they should take heed of your fungibility argument...

The Obama Administration used financial control to attack businesses they don't like, such as gun dealers, in Operation Choke Point

So if the crypto user that doesn't think that anonymity counts does business with a gundealer, or worse, happens to BE in the completely LEGAL gun business, the lack of anonymity is going to bite them in the ass.

Well done, @thecryptofiend

The Obama Administration used financial control to attack businesses they don't like, such as gun dealers, in Operation Choke Point

Exactly and there are lots of examples of this sort of thing!

Well done, @thecryptofiend

Thank you:)

Thanks:) Is that a gif?

Yes, a gif file. Was playing around a little this morning. Here is the other I made this morning!

Cool. It might be best to slow it down a little if you can in case anyone has photosensitive epilepsy.

Thanks for the good read, still trying to learn more and explore how I feel about this big topic.......

Yes me too. There are a lot of things I hadn't even considered.

Thanks for the feedback, it is a little much!

Lol. You could make yourself ill if you work on too many!

I slowed them down, don't want to give anyone a seizure.

I was against bitcoin because it was digital, I knew about the war on cash and I saw this as a segue to get people to accept it and then lock down cash, make their own digital and outlaw the rest. Then with a switch they control everything in your life. Ties into the RFID chips to track things on roads, stores, everywhere.

Authoritarians around the globe want more control over human life, and cash grabbing has always been part of the end game. Incrementalism, gradualism, is the game, and we pass by generation to generation unaware of what is happening, for the most part. Large scale plans are at work behind the scenes in the hidden hands of power.

Yes. My hope is that technology will find solutions to these issues.
