Dark Wallet, What’s all the Fuss About?

June 3, 2014 | By Egemen Tas, VP Engineering Comodo Security Solutions

Bitcoin conceptIn the last few weeks, I have read a fair amount of press coverage about a new Bitcoin wallet application called Dark Wallet. I have also received many inquiries from various sources (customers, blog subscribers, etc.) asking for recommendations on how to stay protected against this “new threat”.  Being a Bitcoin “technology” fan myself and watching its evolution since inception, I’m eager to delve into the Dark Wallet application and Bitcoin technology in general.

First things first, Dark Wallet is not a new kind of a virus, and you are not going to get infected by this type of application.

If you haven’t heard about Bitcoin and digital currencies before, this article.

Before discussing Dark Wallet in more detail, here’s some background information about the problems in the Bitcoin technology.

Privacy Problems with Bitcoin

Despite its fame for being anonymous, Bitcoin transactions are highly traceable because every transaction is recorded on a public ledger. This public ledger has a record of every single transaction that has happened in the Bitcoin network to date. This means, at any given time, anyone can observe the balance and transaction of an address. Most people are not used to dealing with such a level of transparency. But, as long as one’s identity cannot be tied to the Bitcoin address(es) he or she owns, this person remains anonymous. For this reason, Bitcoin transactions are often referred to as pseudonymous rather than anonymous.

It is not always possible to keep your identity anonymous because in order to purchase services and goods, more often than not, you need to reveal your identity. Therefore, because you made a purchase, your entire transaction history can be seen by the merchant.

There are also intelligent analysis tools that mine the web and associate Bitcoin addresses with personal identities. For example, the FBI allegedly caught the owner of the dark market, “Silk Road,” by searching Google for Bitcoin addresses he used.

To cope with such privacy problems, the Bitcoin community developed alternative strategies. To make the transaction log analysis i.e. taint analysis, more difficult, people were encouraged to use a new Bitcoin address every time they received a payment. While this approach can solve what is commonly referred to as the “address reuse problem,” it sacrifices convenience for privacy, making it an unfavorable solution.

The Bitcoin community also introduced what is now known as “change addresses”. In this method, the payer sends more money than the requested amount to the other party and expects the other party to return the change to an alternative address the payer owns. This way, the payer will add a layer of obfuscation, making taint analysis more difficult and sacrificing the convenience of reusing an address for privacy.

To further satisfy the need for privacy in Bitcoin transactions, centralized coin mixing services were developed. In this type of “central mixing” transaction, you would send a service your Bitcoins, along with the addresses to forward them to, and after some internal accounting and mixing, the service would send mixed coins back to the receiving parties. If the coins were mixed enough, it would be much more difficult to trace transactions from the public ledger. Still, there were certain shortcomings associated with this approach. You must trust the mixing service to not steal your coins, mix your coins enough, and not reveal the mixing history after being hacked. Plus, the legality of providing such services is subject to the jurisdictions in which the transactions were operated in.

In order to solve the problems associated with “central mixing” services, the Bitcoin community focused on finding the ways of trustless and decentralized (peer-to-peer) mixing. In this method, a team of Bitcoin users come together and perform the mixing operations, facilitated by mixers. A number of peer-to-peer mixing protocols such as CoinJoin and SharedCoin have been adopted by current decentralized mixers.

Now that you have a better understanding of the progress of the Bitcoin community’s efforts to address the privacy problems in Bitcoin, you might better understand what the Dark Wallet application is.

Dark Wallet is an evolutionary wallet application designed to address some of the inherent privacy problems present in Bitcoin. It introduces two noteworthy features that, once implemented, have the potential to take Bitcoin privacy to the next level.

1. Peer-to-peer (P2P) coin mixing support:

Dark Wallet allows the use of the so-called CoinJoin mixing method to perform transactions. The idea behind CoinJoin mixing can be best explained with an example: Let’s say Person A wants to send Person B one Bitcoin, and Person C wants to send Person D one Bitcoin. Without mixing, the public transaction ledger would have two records:

1)    Person A sent one Bitcoin to Person B

2)    Person C sent one Bitcoin to Person D

Without mixing, we can, with 100 percent confidence, say that Person A sent Person B one Bitcoin.

But, when CoinJoin mixing is used, Person A and Person C come together, both using Dark Wallet, and agree that Person B and Person D are both going to receive one Bitcoin; and Person A and Person C will both provide one Bitcoin. So instead, the public transaction log will log like this:

Person A and Person C sent one Bitcoin each to Person B and Person D, who received one Bitcoin each.

According to this transaction log, we cannot be 100 percent sure that Person A sent one Bitcoin to Person B, right? We can only be 50 percent sure that Person A’s Bitcoin was received by Person B.

In our public ledger, we usually analyze a chain of transactions, commonly referred to as blockchains, to do the taint analysis. But with every such transaction in the blockchain, our odds of properly tracing the Bitcoin drop by 50 percent.

Therefore, CoinJoin mixing, if implemented properly, has the potential to seriously obfuscate Bitcoin transaction logs.

2. Stealth address support

Another very interesting feature introduced by Dark Wallet is the new type of address called “stealth addresses”. As you recall, the address reuse created the known privacy problems in Bitcoin. Stealth addresses solve this problem by adding “encryption” to the transactions in a novel way. Payees can create stealth payment addresses and publish them publicly. Payers using the Dark Wallet application can send Bitcoins to these addresses without our famous public ledger having any traceable transaction record of the stealth address that is published.

These payers have found a novel way of using the Elliptic curve Diffie–Hellman (ECDH) secret sharing scheme, without changing the Bitcoin protocol itself, in order to implement the stealth address feature.

Currently, Dark Wallet is under development, but the theoretical work behind it looks very promising. It has the potential to be a pervasive wallet application, which is required to make these two new features work effectively. Is Dark Wallet a revolutionary application? At the moment, I am not sure. But I do know, with certainty, that it is an evolutionary application.

So, What is all the Fuss about with Dark Wallet?

The significance is in the new privacy features being introduced to the Bitcoin operations. As a computer scientist, as much as I love the theoretical work behind the Bitcoin paradigm, it is the simple fact that most Bitcoin transactions are not currently taking place for legitimate purposes. With Bitcoin, black markets and the black economy flourished to new levels. Therefore, policymakers have significant problems putting regulations into place to cope with such an untraceable, decentralized system. Furthermore, the system is evolving rapidly.

Some states under the economic sanctions of the West try to bypass these sanctions by smuggling money and gold across their borders. My question is, will they need to do so if Bitcoin advances to the next level? Moreover, can terrorists launder money easily? How can tax evasion be prevented? I can be sure that policymakers will have a hard time trying to answer these questions.

In the cybersecurity arena, cyber-extortions, through crypto viruses and DDoS attacks, are already popular and on the rise. This is partially because Bitcoin provides attackers with an effective payment collection mechanism.

In short, it is not Dark Wallet itself that is causing all the fuss; instead, it is how fast Bitcoin is evolving.

What do you think about Dark Wallet and the latest Bitcoin technology?

Be Sociable, Share!

    Add new comment

    Your name

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>