Settled, But Not Really: The Privacy Gap in Bitcoin's 'Final' Transactions


Bitcoin technology is impressive for just how many fundamental problems with money it solves. One advantage of bitcoin that is often touted is that it provides for final settlement of transactions.

Final settlement means that, once a transaction is mined and enough subsequent transactions have been mined as well, it would take an infeasible amount of energy to go back and reverse the original transaction. There is a well-known guideline that a bitcoin transaction can be considered final if five additional blocks are then added to the timechain following the block containing the transaction.

(For technical readers: With today’s mining hash rate of about 585 exahashes per second, the total work required to reorganize a block 6 blocks deep in the timechain would require about 2 million exahashes, demanding about 63 thousand terajoules of energy. This is the equivalent of one thousand Hiroshima-sized atomic bombs.)

And so, the common wisdom suggests that after these six confirmations of your transaction, it is as good as etched in stone. However, this view is simplistic and fails to account for a crucial factor: privacy.

The Illusion of Finality

In an insightful blog post entitled "Finality does not exist in payments," Patrick McKenzie makes a compelling argument that challenges common understanding of transaction finality. He submits that finality is not an absolute concept, but rather a "technosociolegal construct." In other words, the finality of a transaction depends on an interplay of technical capabilities, social norms, and legal frameworks.

The common wisdom about six confirmations only accounts for the technological aspect of settlement. True finality remains elusive if a hegemon, such as a powerful government, can identify the parties involved in a transaction and exert coercive force on them to reverse a transaction.

While bitcoiners often place their faith in the immutable laws of mathematics and physics to secure transaction finality, McKenzie's observation is that the sociolegal dimension of finality can and does trump technological finality. He distills the idea thusly: "If you and the United States federal government disagree whether a transaction is final, you are wrong."

Bitcoin's technological dimension of finality shouldn't be discounted. Unlike all forms of money that came before it, bitcoin allows its possessor to resist coercion by destroying or refusing to divulge a secret key, making funds inaccessible forever. In contrast, all other forms of money can be unilaterally seized through physical confiscation or intervention with custodial third parties.

While this "nuclear option" of technological finality exists with bitcoin, it would only be invoked under extreme circumstances. And even then, invoking it effectively destroys the bitcoin involved in the transaction – meaning that the payer’s transaction will have finality, but the payee loses access to the funds permanently. This is, in essence, a kind of reversal, at least for one side of the transaction.

However, this is largely beside the point. The vast majority of bitcoin transactions – recently surpassing one billion in number – remain vulnerable to reversal through conventional legal and political coercion. Bitcoin's innovation in technological finality is significant, but it doesn't negate the influence of existing power structures on most real-world transactions.

This is where privacy enters the equation. Bitcoin privacy is often discussed in the context of censorship resistance and permissionless transactions. However, privacy is also a fundamental requirement for achieving final settlement.

When transactions are sufficiently private, centralized authorities lose their leverage over the parties involved. Without the ability to identify the participants, there is no individual that a socio-legal apparatus can engage to force a transaction to be reversed.

Despite its importance, privacy in bitcoin transactions has often been criticized as lacking. The transparent nature of the timechain means that all transactions are publicly visible, and, in most cases, it is trivial to link transactions to real-world identities. This leads to a disturbing conclusion – almost all bitcoin transactions are reversible!

Promising Bitcoin Privacy Technologies

The lack of robust privacy in bitcoin is being addressed by various solutions that offer enhanced privacy and move the Bitcoin Network in the direction of true final settlement.

Fedimints, for example, are community-operated custody solutions that combine the privacy benefits of CoinJoin-like mixing with the scalability of the Lightning Network. They use blind signatures and Chaumian e-cash principles to provide strong privacy guarantees for users within trusted communities. This week, Fedi, a leading innovator in Fedimint technology, released a full-featured app that anyone can use to set up a federated mint within their own community.

Although Fedimints offer enhanced privacy for transactions within a community of users, they provide limited privacy for on-chain transactions. Moreover, they don't guarantee finality in the same way that on-chain bitcoin transactions do, as they rely on the trustworthiness of the community operators.

The Lightning Network, while primarily designed for scaling bitcoin transaction volume beyond what would be possible with on-chain transactions, also offers privacy benefits. By moving payments off-chain, Lightning reduces the amount of information visible on the public timechain. Adding onion routing to Lightning payments further enhances privacy. However, Lightning presents an interesting tradeoff between privacy and finality. Users do obfuscate their identities, but their funds become exposed to potential loss or theft by channel operators or counterparties.

Silent Payments are one of the most promising proposals for enhancing both privacy and finality in bitcoin transactions. A protocol enhancement called BIP 352 aims to improve transaction privacy by allowing users to receive payments without revealing their public addresses on the timechain. By using a combination of stealth addresses and key derivation techniques, Silent Payments make it significantly harder to track the flow of funds.

The power of Silent Payments lies in its ability to provide strong privacy guarantees while maintaining the finality properties of on-chain bitcoin transactions. Unlike off-chain solutions, Silent Payments operate directly on the bitcoin timechain, ensuring that transactions benefit from Bitcoin's robust “technological settlement” model. This approach could significantly enhance coin fungibility and resist transaction reversal attempts.
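To make the "stealth addresses and key derivation" step concrete, here is an added Python example; it is not code from the article or from the BIP 352 reference implementation. It follows the BIP 352 structure: the sender does ECDH between an input private key and the recipient's scan public key, hashes the shared point with a counter into a tweak, and adds tweak·G to the recipient's spend public key, so the output that lands on the timechain is a fresh key that is never published as an address. The recipient repeats the ECDH with the scan private key and the sender's input public key to recognize the output and reconstruct its spending key; anyone without the scan key (the "stranger" in the demo) sees only an unlinkable key. Simplifications, marked in the code, are assumptions for illustration: plain SHA-256 in place of the BIP 340 tagged hash, no input_hash over the sender's outpoints, compressed points instead of x-only keys, and a standalone sender keypair instead of real transaction inputs, so the output is not interoperable with BIP 352 wallets.

```python
"""Simplified Silent Payments (BIP 352 style) derivation on secp256k1.

Added illustrative example, not the article's or the BIP's reference code.
Assumptions: SHA-256 instead of the BIP0352/SharedSecret tagged hash, no
input_hash over outpoints, compressed (not x-only) points.
"""
import hashlib
import secrets

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ser_point(point):
    """33-byte compressed SEC1 encoding of a point."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def shared_secret_tweak(ecdh_point, k):
    """t_k = H(ser(ecdh_shared) || ser32(k)) mod n (SHA-256 here is an
    assumption standing in for the BIP 340 tagged hash)."""
    digest = hashlib.sha256(ser_point(ecdh_point) + k.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") % N


def new_keypair():
    priv = secrets.randbelow(N - 1) + 1
    return priv, point_mul(priv, G)


def sender_derive_output(a_priv, B_scan, B_spend, k=0):
    """Sender side: ECDH with the recipient's scan key, tweak the spend key.
    Only the derived output key appears on-chain, never B_scan or B_spend."""
    ecdh = point_mul(a_priv, B_scan)
    t_k = shared_secret_tweak(ecdh, k)
    return point_add(B_spend, point_mul(t_k, G))


def receiver_scan(b_scan, b_spend, B_spend, A_pub, outputs, max_k=1):
    """Receiver side: redo the ECDH with the scan private key and the sender's
    input public key, then match candidate output keys against the outputs.
    Returns [(output_point, spending_private_key), ...] for recognized outputs."""
    ecdh = point_mul(b_scan, A_pub)
    found = []
    for k in range(max_k):
        t_k = shared_secret_tweak(ecdh, k)
        candidate = point_add(B_spend, point_mul(t_k, G))
        if candidate in outputs:
            found.append((candidate, (b_spend + t_k) % N))
    return found


def demo():
    """Constructed scenario: one sender, the intended recipient, a stranger."""
    a_priv, A_pub = new_keypair()        # sender's input key (assumed standalone)
    b_scan, B_scan = new_keypair()       # recipient scan key pair
    b_spend, B_spend = new_keypair()     # recipient spend key pair
    c_scan, _ = new_keypair()            # stranger's scan key
    c_spend, C_spend = new_keypair()     # stranger's spend key

    output = sender_derive_output(a_priv, B_scan, B_spend)
    matches = receiver_scan(b_scan, b_spend, B_spend, A_pub, [output])
    stranger = receiver_scan(c_scan, c_spend, C_spend, A_pub, [output])
    return {
        "output": output,
        "B_spend": B_spend,
        "found": len(matches) == 1,
        "spend_priv": matches[0][1] if matches else None,
        "stranger_found": len(stranger) > 0,
    }


if __name__ == "__main__":
    r = demo()
    print("recipient recognized payment:", r["found"])
    print("stranger recognized payment:", r["stranger_found"])
    print("spend key reconstructs output:", point_mul(r["spend_priv"], G) == r["output"])
```

The property to notice is in `receiver_scan`: recognizing the payment needs the scan private key and the sender's input public key, which is why a wallet must scan every transaction's inputs rather than query an address index, and why the article notes the cost for thin clients. The spend private key is only needed to derive `b_spend + t_k`, so a watch-only scanner can detect payments without being able to spend them.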

Making Silent Payments a standard feature of bitcoin wallets will be challenging, as they impact timechain size and cannot be implemented in thin clients. However, Silent Payments are the most promising way to improve settlement finality yet proposed.

The Path Forward

To build a monetary network that offers true final settlement, the bitcoin community must prioritize privacy. This includes introducing more robust privacy features at the protocol level, such as Silent Payments, and creating user-friendly privacy tools that make private transactions the default, not the exception. Education plays a crucial role in this process, helping users understand the importance of privacy for the long-term safety of the bitcoin they own.

While Bitcoin's technical properties provide a strong foundation for final settlement, it is privacy that truly cements it. Without sufficient privacy, even the most energy-intensive consensus mechanism can be undermined by social, legal, or political pressures. Only when bitcoin transactions are private can bitcoin fully realize its potential as a revolutionary new form of money with genuine, irreversible final settlement.

This is a guest post by Dave Birnbaum. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
