Bitcoin Scalability and Privacy: A Primer

By Tyler Diamond –

The current atmosphere in Bitcoin and cryptocurrencies in general is at a very interesting point. Bitcoin has practically reached its current capacity limit on transactions. In addition, Bitcoin still is not the anonymous currency that it could be; its privacy falls short compared to the improvements that have been proposed. However, developer time is limited, and because Bitcoin has no “rollback” feature, all improvements to the protocol must undergo heavy scrutiny and testing. In this blog post I will briefly cover improvements that are happening to the protocol and additional ones that have been proposed. Due to the widespread debate about scaling, I will begin with that. I would also like to take a moment to say that I’m rather disappointed in how both sides of this debate are acting. It leaves those who are more neutral on the subject and just want scaling to happen to either flee to the censored side, or to the side that creates a conspiracy out of every eye flinch. If we crypto enthusiasts want Bitcoin to survive, we must work on compromise.

Scaling Solutions

Big Blocks

This is the simplest solution that has been proposed, and definitely the first one. Currently the Bitcoin block size limit is capped at 1MB, and blocks contain around 1,700 transactions each. Supporters of “big blocks” want to simply raise the block size. This would be an effective method to temporarily increase transaction capacity; however, there are a few caveats:

  1. This is a one-time fix that only allows a temporary capacity increase. In addition, due to the exponential rate of technology adoption and the network effect, Bitcoin use is most likely accelerating, so this fix will not last long.
  2. A hardfork is required to make this change. This means any users that do not update their client to the version with larger blocks will effectively be kicked off the network.
  3. SigHash operations (the hashing and signature checks performed to determine whether a transaction is valid) and the Unspent Transaction Output set (UTXO set) both grow with the block size. Worst of all, SigHash operations scale quadratically instead of linearly. Both require nodes to have more resources, which can shrink decentralization.

Due to the above limitations and the “core” Bitcoin developers (those who maintain the original implementation) not implementing code to hardfork the network, BIPs (Bitcoin Improvement Proposals) that increase the blocksize have only been implemented in alternative implementations such as Bitcoin Unlimited or Bitcoin Classic.

Lightning Network+Segregated Witness

As of last week, signaling has begun for Segregated Witness. This is an improvement to the way block data is allocated and stored across nodes. Bitcoin Core (the creators of this proposal) have published two great posts explaining the costs and benefits:

https://bitcoincore.org/en/2016/01/26/segwit-benefits/

https://bitcoincore.org/en/2016/10/28/segwit-costs/

As a high-level overview, Segregated Witness moves the signature of a transaction out of the transaction data proper into a separate structure called the witness. This means that only the “real” data of the transaction is counted against the size of the block. With Segregated Witness there is a theoretical maximum capacity increase of 4x, although with current transaction type adoption it will most likely be around 1.8-2.1x. SigHash operations scale linearly, a very desirable property.

In addition, transaction malleability is fixed. This is a bug that allows an attacker to rebroadcast a transaction with a different transaction ID (without changing the data of the transaction), which confuses some Bitcoin client implementations.

Lastly, Segregated Witness allows Bitcoin’s scripting to be upgraded as a softfork at later points, which will be vital to improving Bitcoin, especially for implementing the privacy improvements mentioned below.

Segregated Witness is being implemented as a softfork, which means older clients will still see the data in the new blocks as valid. 95% of the past 2016 blocks must signal for Segregated Witness support in order for it to activate. Currently about 30% of the last 2016 blocks signal support (however, remember that at the time of this blog post only about 1,200 blocks have had the option to signal support).


Illustration 1: SegWit adoption: https://bitcoincore.org/en/segwit_adoption/

The Lightning Network will be built upon Bitcoin once Segregated Witness is activated. With the Lightning Network, Bitcoin could scale to possibly millions of transactions per second. This is done by third parties creating payment channels with one another and only occasionally settling on the main Bitcoin blockchain. These transactions still have the security of the Bitcoin blockchain behind them.

More details can be found at: https://lightning.network/

Privacy

CoinJoin

CoinJoin is a simple protocol that allows strangers to aggregate their transactions into a single transaction. This helps obfuscate which destination address a single user is sending to, as the transaction contains inputs and outputs of multiple users.


Schnorr Signatures

Schnorr signatures are pretty amazing. Not only do they increase the privacy of a transaction, they also assist in scaling as they reduce the size of the transaction when multi-signature transactions are used.

The power of Schnorr signatures is that they are relatively fast, do not suffer from malleability, and allow the aggregation of multiple signatures into a single signature.

With the passing of Segregated Witness, the witness part of transactions can be upgraded to a new version, one that could possibly allow Schnorr signatures.

Typical Bitcoin transactions sign transaction inputs and create new transaction outputs. Many transactions contain multiple inputs, as shown below:

[Illustration: an example transaction with more than 15 inputs, each signed individually]

Currently, every single input must be signed individually. This transaction has more than 15 signatures, whereas with Schnorr signatures all of them could be aggregated into a single signature! This would save immense space in blocks. Extending this to multisignature transactions, one could create transactions beyond the current limit of 15-of-15. One could create complex multisignature transactions such as 72-of-100 and they would still only use the size of a single signature.

Lastly, Schnorr signatures can be combined with CoinJoin to improve the privacy of those transacting. As opposed to normal CoinJoin, all the signatures would be aggregated into a single signature, incentivizing people to use CoinJoin by default as it would mean a lower fee for each individual user.

TumbleBit

TumbleBit is a recently introduced proposal for a scalable solution that increases the privacy of Bitcoin transactions that use the protocol. An important property of TumbleBit is that it uses scripting that is available in Bitcoin today, so it can be implemented without any upgrades to the Bitcoin protocol. TumbleBit provides strong anonymity when used as a central payment hub. TumbleBit is based on Chaumian eCash.

The foundation is built upon RSA puzzles and Bitcoin payment channels. Many Alices (senders) and many Bobs (receivers) can create payment channels with the payment hub at once. The payment hub creates RSA puzzles that only it can decrypt. It sends a payment puzzle to Bob, who blinds the puzzle and sends the blinded puzzle to Alice. Alice then pays the Tumbler for the solution, thereby depositing her bitcoins. She then sends the blinded solution to Bob, who unblinds it and redeems the coins that were deposited. The blinding prevents Alice from redeeming the coins she just deposited while also protecting the privacy of the receiver, as the Tumbler does not know which puzzle it is decrypting, since Bob has blinded it. Since hundreds of users could be doing this at the same time, transaction anonymity is preserved, as a large number of payments (>500) can be settled on the blockchain as only two transactions.
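The puzzle-blinding round trip described above, written out as an added example (my own code, not the TumbleBit project's). It assumes a toy-sized RSA key with constructed primes so it runs instantly, and leaves the payment-channel side out; the point is that the Tumbler never sees the unblinded puzzle and Alice never sees the unblinded solution.

```python
import math
import secrets

# Tumbler's RSA key. These primes are constructed toy values; real TumbleBit uses
# 2048-bit RSA. Only the Tumbler knows the private exponent d.
p, q = 1000000007, 998244353
n, e = p * q, 65537
d = pow(e, -1, (p - 1) * (q - 1))

def make_puzzle():
    # Tumbler: pick a random solution eps and publish the puzzle z = eps^e mod n.
    # (In TumbleBit eps is what unlocks Bob's payment; payments are out of scope here.)
    eps = secrets.randbelow(n - 2) + 2
    return eps, pow(eps, e, n)

def blind(z):
    # Bob: multiply by r^e with a secret random r, so the Tumbler cannot recognise z later.
    r = secrets.randbelow(n - 2) + 2
    while math.gcd(r, n) != 1:          # r must be invertible mod n to unblind later
        r = secrets.randbelow(n - 2) + 2
    return r, (z * pow(r, e, n)) % n

def solve(z_blinded):
    # Tumbler (after Alice pays): RSA-decrypt the blinded puzzle. It obtains r*eps mod n
    # and learns neither r nor eps, so it cannot tell which of Bob's puzzles this was.
    return pow(z_blinded, d, n)

def unblind(eps_blinded, r):
    # Bob: strip the blinding factor. Alice, who never sees r, cannot do this step.
    return (eps_blinded * pow(r, -1, n)) % n

def is_solution(eps, z):
    return pow(eps, e, n) == z

def demo():
    eps, z = make_puzzle()             # Tumbler -> Bob
    r, z_blind = blind(z)              # Bob -> Alice
    eps_blind = solve(z_blind)         # Alice pays the Tumbler, receives the blinded solution
    recovered = unblind(eps_blind, r)  # Alice -> Bob, who unblinds and can now redeem
    # (Bob recovered eps, Alice's blinded value does not solve z, Tumbler saw a different puzzle)
    return recovered == eps, is_solution(eps_blind, z), z_blind == z
```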

Additional encryption protocols are also used to preserve anonymity; those details and more can be found at several sources:

https://www.youtube.com/watch?v=iGVSnxz1mn8

https://eprint.iacr.org/2016/575.pdf


Illustration 3: TumbleBit: Taken from presentation video

I’m personally very excited for TumbleBit, as this is something that can be built right now on the protocol that can help the scaling problem while also improving the privacy of transactions.

The proof of concept code can be found here:

https://github.com/BUSEC/TumbleBit

Confidential Transactions

Lastly, Confidential Transactions provide strong privacy by hiding the amounts in a transaction at the protocol level. The privacy achieved in the system comes mainly from two cryptographic tools: ring signatures and commitment schemes.

Ring signatures are used in the privacy-focused cryptocurrency Monero. In very high-level terms, a ring signature lets the holder of one of N public keys encrypt/sign a message without revealing which key the signature came from. Confidential Transactions specifically use Borromean ring signatures, which require knowledge of one of the keys to reveal the encrypted message.

Commitment schemes are ways to show that one has knowledge of some data, or commits to using certain data, without revealing what that data is. An example would be a casino running a game of “guess 1 to 100”. They could commit to the answer (e.g. a hash of the number plus a nonce), allow the gamblers to bet on their guesses, and then reveal the answer at a later time; all parties could then be sure that the casino didn’t cheat them out of their money.

With these tools, Greg Maxwell cleverly figured out that you can hide the input and output amounts of a transaction from those observing the Bitcoin blockchain while preserving these important properties:

  • Ensure the input and output sums are equal
  • No bitcoins were created out of thin air
  • Transactions are valid to older clients (can be implemented as a soft fork!)
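The commitment idea from the casino example, carried through to the balance check in the list above, as an added example (my own code, not Maxwell's CT implementation). Amounts are hidden in Pedersen commitments on secp256k1, C = value*G + blinding*H; the sender picks blindings that cancel, so a node can confirm that input and output sums are equal without ever seeing an amount. The second generator H and all blinding factors are constructed here; the point arithmetic is a plain affine implementation written for readability, not for production use.

```python
import hashlib
from functools import reduce

# secp256k1, the curve Bitcoin uses; G is its standard base point.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:      lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    r, k = None, k % N
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def nums_generator(tag):
    # Second generator H whose discrete log w.r.t. G is unknown (hash-to-curve, try-and-increment).
    # If anyone knew k with H = k*G, they could open one commitment to two different amounts.
    for i in range(1 << 16):
        x = int.from_bytes(hashlib.sha256(tag + i.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # P = 3 mod 4, so this is a square root when one exists
        if y * y % P == rhs: return (x, y)

H = nums_generator(b"constructed-pedersen-H")  # constructed tag, not a standard value
def commit(value, blinding):  # Pedersen commitment C = value*G + blinding*H
    return add(mul(value, G), mul(blinding, H))

def build_outputs(input_blindings, output_values):
    # Sender picks output blindings summing (mod N) to the input blindings, so the commitments
    # balance exactly when the hidden amounts do. Blindings here are constructed, not random.
    rs = [int.from_bytes(hashlib.sha256(b"constructed-r%d" % i).digest(), "big") % N
          for i in range(len(output_values) - 1)]
    rs.append((sum(input_blindings) - sum(rs)) % N)
    return [commit(v, r) for v, r in zip(output_values, rs)]

def verify_balance(in_commits, out_commits):
    # Nodes see only commitments, never amounts: equal sums prove no coins were created.
    # (Real CT also needs range proofs so no output can hide a negative amount.)
    return reduce(add, in_commits, None) == reduce(add, out_commits, None)
```

Opening a commitment (revealing value and blinding so others can recompute C) is the same reveal step as the casino example; the difference is that the sums can be checked without any opening at all.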

Although amounts are masked, the anonymity of this scheme is dampened by observing which addresses transact with one another. To fix this, one could simply add zero-value outputs to the transaction to obscure who the real receiver of the coins is.

Implementing Confidential Transactions would be great for the fungibility of Bitcoin, as wallet creators could make this the de facto transaction standard, so users would not have to do any additional work to reap the benefits. This is very important because privacy is like a chain: your anonymity is only as strong as the most revealing link to your pseudo-identity.

One downside of Confidential Transactions is that the cost to use them is about 20 times that of a normal transaction. This is very bad because, as discussed earlier, scaling is an issue that needs to be worked on in Bitcoin and this would make things worse. However, solutions are being worked on that would allow the adoption of Confidential Transactions without hindering Bitcoin’s growth (one example that comes to mind is sidechains).

You can read the original Confidential Transaction proposal here: https://people.xiph.org/~greg/confidential_values.txt

Conclusion

There is no doubt that Bitcoin is one of the most interesting open source projects in existence. Much debate is occurring on how to best solve Bitcoin’s problems, and upgrades are occurring to the protocol at a rather fast rate for a decentralized, $12 billion market. Although both sides of this debate could be acting better towards one another, I believe that this quote by Andreas Antonopoulos holds truth:

“Democracy is loud, and noisy, and dirty and weird . . . we’ve reached a point where the difference in opinion is very small.” -aantonop

Bitcoin will persevere. Yes, Bitcoin has fallen behind as the most “technically advanced” and maybe doesn’t have the wide feature set many cryptocurrencies utilize now. However, Bitcoin’s security comes from the vast number of nodes that are running and the fact that it has the largest market cap of all cryptocurrencies (and in the proof-of-work sphere, more valuable currency = more secure currency). Changes require time, and perhaps this round of debates has extended past its initial life expectancy, but I believe the Bitcoin community has also learned to debate better than it has in the past, something that is crucial in its evolution, as these debates are going to arise again when we hit another wall.
