Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
In the last few weeks, I have read a fair amount of press coverage about a new Bitcoin wallet application called Dark Wallet. I have also received many inquiries from various sources (customers, blog subscribers, etc.) asking for recommendations on how to stay protected against this “new threat”. Being a Bitcoin “technology” fan myself and watching its evolution since inception, I’m eager to delve into the Dark Wallet application and Bitcoin technology in general.
First things first, Dark Wallet is not a new kind of a virus, and you are not going to get infected by this type of application.
If you haven’t heard about Bitcoin and digital currencies before, this article.
Before discussing Dark Wallet in more detail, here’s some background information about the problems in the Bitcoin technology.
Despite its fame for being anonymous, Bitcoin transactions are highly traceable because every transaction is recorded on a public ledger. This public ledger has a record of every single transaction that has happened in the Bitcoin network to date. This means, at any given time, anyone can observe the balance and transaction of an address. Most people are not used to dealing with such a level of transparency. But, as long as one’s identity cannot be tied to the Bitcoin address(es) he or she owns, this person remains anonymous. For this reason, Bitcoin transactions are often referred to as pseudonymous rather than anonymous.
It is not always possible to keep your identity anonymous because in order to purchase services and goods, more often than not, you need to reveal your identity. Therefore, because you made a purchase, your entire transaction history can be seen by the merchant.
There are also intelligent analysis tools that mine the web and associate Bitcoin addresses with personal identities. For example, the FBI allegedly caught the owner of the dark market, “Silk Road,” by searching Google for Bitcoin addresses he used.
To cope with such privacy problems, the Bitcoin community developed alternative strategies. To make the transaction log analysis i.e. taint analysis, more difficult, people were encouraged to use a new Bitcoin address every time they received a payment. While this approach can solve what is commonly referred to as the “address reuse problem,” it sacrifices convenience for privacy, making it an unfavorable solution.
The Bitcoin community also introduced what is now known as “change addresses”. In this method, the payer sends more money than the requested amount to the other party and expects the other party to return the change to an alternative address the payer owns. This way, the payer will add a layer of obfuscation, making taint analysis more difficult and sacrificing the convenience of reusing an address for privacy.
To further satisfy the need for privacy in Bitcoin transactions, centralized coin mixing services were developed. In this type of “central mixing” transaction, you would send a service your Bitcoins, along with the addresses to forward them to, and after some internal accounting and mixing, the service would send mixed coins back to the receiving parties. If the coins were mixed enough, it would be much more difficult to trace transactions from the public ledger. Still, there were certain shortcomings associated with this approach. You must trust the mixing service to not steal your coins, mix your coins enough, and not reveal the mixing history after being hacked. Plus, the legality of providing such services is subject to the jurisdictions in which the transactions were operated in.
In order to solve the problems associated with “central mixing” services, the Bitcoin community focused on finding the ways of trustless and decentralized (peer-to-peer) mixing. In this method, a team of Bitcoin users come together and perform the mixing operations, facilitated by mixers. A number of peer-to-peer mixing protocols such as CoinJoin and SharedCoin have been adopted by current decentralized mixers.
Now that you have a better understanding of the progress of the Bitcoin community’s efforts to address the privacy problems in Bitcoin, you might better understand what the Dark Wallet application is.
Dark Wallet is an evolutionary wallet application designed to address some of the inherent privacy problems present in Bitcoin. It introduces two noteworthy features that, once implemented, have the potential to take Bitcoin privacy to the next level.
Dark Wallet allows the use of the so-called CoinJoin mixing method to perform transactions. The idea behind CoinJoin mixing can be best explained with an example: Let’s say Person A wants to send Person B one Bitcoin, and Person C wants to send Person D one Bitcoin. Without mixing, the public transaction ledger would have two records:
1) Person A sent one Bitcoin to Person B
2) Person C sent one Bitcoin to Person D
Without mixing, we can, with 100 percent confidence, say that Person A sent Person B one Bitcoin.
But, when CoinJoin mixing is used, Person A and Person C come together, both using Dark Wallet, and agree that Person B and Person D are both going to receive one Bitcoin; and Person A and Person C will both provide one Bitcoin. So instead, the public transaction log will log like this:
Person A and Person C sent one Bitcoin each to Person B and Person D, who received one Bitcoin each.
According to this transaction log, we cannot be 100 percent sure that Person A sent one Bitcoin to Person B, right? We can only be 50 percent sure that Person A’s Bitcoin was received by Person B.
In our public ledger, we usually analyze a chain of transactions, commonly referred to as blockchains, to do the taint analysis. But with every such transaction in the blockchain, our odds of properly tracing the Bitcoin drop by 50 percent.
Therefore, CoinJoin mixing, if implemented properly, has the potential to seriously obfuscate Bitcoin transaction logs.
Another very interesting feature introduced by Dark Wallet is the new type of address called “stealth addresses”. As you recall, the address reuse created the known privacy problems in Bitcoin. Stealth addresses solve this problem by adding “encryption” to the transactions in a novel way. Payees can create stealth payment addresses and publish them publicly. Payers using the Dark Wallet application can send Bitcoins to these addresses without our famous public ledger having any traceable transaction record of the stealth address that is published.
These payers have found a novel way of using the Elliptic curve Diffie–Hellman (ECDH) secret sharing scheme, without changing the Bitcoin protocol itself, in order to implement the stealth address feature.
Currently, Dark Wallet is under development, but the theoretical work behind it looks very promising. It has the potential to be a pervasive wallet application, which is required to make these two new features work effectively. Is Dark Wallet a revolutionary application? At the moment, I am not sure. But I do know, with certainty, that it is an evolutionary application.
The significance is in the new privacy features being introduced to the Bitcoin operations. As a computer scientist, as much as I love the theoretical work behind the Bitcoin paradigm, it is the simple fact that most Bitcoin transactions are not currently taking place for legitimate purposes. With Bitcoin, black markets and the black economy flourished to new levels. Therefore, policymakers have significant problems putting regulations into place to cope with such an untraceable, decentralized system. Furthermore, the system is evolving rapidly.
Some states under the economic sanctions of the West try to bypass these sanctions by smuggling money and gold across their borders. My question is, will they need to do so if Bitcoin advances to the next level? Moreover, can terrorists launder money easily? How can tax evasion be prevented? I can be sure that policymakers will have a hard time trying to answer these questions.
In the cybersecurity arena, cyber-extortions, through crypto viruses and DDoS attacks, are already popular and on the rise. This is partially because Bitcoin provides attackers with an effective payment collection mechanism.
In short, it is not Dark Wallet itself that is causing all the fuss; instead, it is how fast Bitcoin is evolving.
What do you think about Dark Wallet and the latest Bitcoin technology?
Related Resources
Wikipedia Down by DDoS Attack
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
agreecheck
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP