logo
vision scalability social networking revelation source

How could regulators successfully introduce Bitcoin censorship and other dystopias

Original document by Juraj Bednar

Publishing this a violation of copyright. Needs to be summarized and paraphrased.

Note: A lot of people think this is purely about >50% attack. Not true, here’s how this unfolds with 10% of censoring hashrate.

Bitcoin is often said to be anonymous and uncensorable. Thanks to chain analysis, anonymity is to some extent a disputed wishful thinking from the past. And it looks like it won’t be so nice with censorship resistance either.

My reasoning begins with this quote from Twitter of fluffypony: Note: A lot of people think this is purely about >50% attack. Not true, here’s how this unfolds with 10% of censoring hashrate.

blockseer

( More information here, for example )

This mining pool censors transactions that are included in the government blacklist. For the time being, the pool just leaves money on the table, so if the pool decides not to include “dirty” transactions, the end result is that they do not to earn transaction fees for that transaction (and go for cheaper transactions) and the “dirty” transaction is mined in another block by a different miner. But I think it’s still a dangerous precedent and it gets scary when you think it through.

I think if governments or anti-money laundering organizations want to censor Bitcoin, that’s exactly the first step. Try it out on one pool. But if at least one pool mines these transactions, we’re fine, right? Not really.

Let’s think about what these organizations might do next. Spoiler alert, these steps lead to successful censorship of Bitcoin:

The first step of this dystopian scenario has already taken place. We have the first (albeit minority) pool, which does not include some transactions. At this point, it means nothing, at worst, the transaction is mined a bit later. After the introduction of full soft fork (whether by the hashate majority or the economic majority of exchangers), Bitcoin’s non-censorship practically ended.

1 Lightning network and tainted coins

We will talk about one more dystopian scenario. Imagine for a moment that you are running a node of the Bitcoin Lightning Network (BTW if you have never tried, check out my intro course). So you have installed something like Umbrel or BtcPayServer, you are a good Bitcoiner – you run a full-node Bitcoin, some Lightning daemon, you even run it all through Tor. You’ve opened a few channels, providing liquidity to route payments, and earning some fees. You do it all to help the network and verify transactions. So far so good. Or – so far, great!

One day, a local drug dealer on the dark market will check out your node. He needs to launder the drug Bitcoins. He will do this as follows:

If there are common chain analysis issues and these “dirty” coins are a problem – either legal, problems with depositing them to an exchange or even the fact that these coins are so tainted that no miner will mine the transaction – letting other nodes open channels with you (with their UTXO) is a serious security risk. If someone succeeds and the coins are marked as “dirty” only after the attacker does this operation, it is quite possible that you will not be able to move the coins anymore.

Of course, people will probably not be satisfied with this situation and will rightly complain to the state or regulator that they have nothing to do with drug sales and that someone has just opened a channel with them. One possible solution is for the state and anti-money-laundering organizations to say “sorry, our bad, this censorship thing was a bad idea”. Another solution is much more likely:

“Dear users of the lightning network, we see that you often get dirty coins. We’ve passed a new law that addresses your issue. We therefore recommend that you install this open-souce module in your Lightning node. Through the API, it verifies that the UTXO through which the other party wants to open the channel is clean. If it is clean, we return a state-signed proof of purity as a result of an API call. If you attach this proof of purity to the transaction as supplementary data, the compliant miner will happily mine it for you, because of course you could not know that the coins were dirty – we did not know either! Thank you for you cooperation in fighting money laundering!

API Call parameters : KYC ID of the caller, list of UTXOs in the onchain wallet of the node (why not collect extra data that the state does not need? Have you ever seen a government form that did not ask you when and where you were born? Of course they want to know the age and purity of your UTXOs as well), unsigned transaction by which the other party wants to open the channel

Output : Answer yes-no, State digitally signed certificate of transaction purity

You can get your KYC ID at any branch of the Ministry of the Interior, SEC, just bring two documents and proof of ownership of UTXO – a message signed with your identity with the address keys ”

(Crypto-anti money laundering lightning enablement act of 2021)

(Why enablement? Because when government wants to regulate something, meaning ban something, they always sell it to you that they are enabling you to do something. You know, if it is not forbidden, it is enabled by default, but for some reason, in 2020, if government regulates it, it enables it… Weird, right?)

OK, they probably won’t be able to pass such a law in 2021, the soft fork dystopia must happen first. But a similar approach has already been taken by the European Union when verifying reverse charge VAT numbers – if you are a VAT paying entity and the customer is a VAT payer in another EU country and therefore you do not invoice VAT, you can verify their VAT ID on the European Union website (or via an API) and save the call result. If it is not valid and you do not have stored evidence that you tried to verify it (and it was valid then), you have (perhaps) a problem. But I don’t know that anyone would enforce this rule.

2 Tadaaaa, I’ll do a coinjoin

If you have “dirty” coins and the miners refuse to mine transactions containing dirty coins, you will most certainly not do a coinjoin.

Coinjoin is a standard transaction that has inputs – if they are already marked as dirty, then you will not get such a coinjoin transaction into the blockchain (soft-forked away!).

If you get it into blockchain and the coins are marked later, you have a problem – you could even put completely clean coins in the coinjoin and suddenly you are marked as a drug dealer on the dark market because some other coinjoin participant was marked and tried to launder money.

If anyone could just use coinjoin to avoid all this censorship, they would. So let’s do it the other way around – coinjoin is an act of money laundering and if any input is tainted, all outputs are tainted.

Ironically enough, the only safe coinjoin is if the coinjoin provider (and preferably also use) uses and enforces a blacklist. I’ve heard that some coinjoin providers already do this. I don’t know what is worse – if you enforce the blacklist, you are censoring and hurting fungibility. If you are not enforcing blacklist, you taint all your users’ coins and they will be pissed when they want to use them and are not able to.

Of course, this topic is already relevant now, because many services (such as exchanges) reject dirty coins – and many also reject coinjoin outputs. Even if you withdraw crypto from an exchange to a Wasabi or Samourai and then send it directly to a mixer, you will get a love letter from your exchange, telling you nicely to stop doing that, or they will close your account next time. Of course, they know your name and you have shown your ID, so if you piss them off, they will also report you to your local anti money laundering unit (in my country, that would be financial police).

3 Change it to Monero and back

If someone has Bitcoins that are not exactly clean and wants to keep Bitcoins, they can exchange Bitcoin for Monero using a decentralized exchange and then after some time (and gradually) change Monero back for Bitcoin, through a reputable exchange (eg xmr.to). This will of course cost a few percent in exchange fees and you are also exposed to XMR/BTC exchange rate risk (although it can be both upside risk).

If many people solve this problem in this way, there will be a lot of tainted coins left in the wallets of the exchanges and their clients. I don’t know how people will deal with it.

The key is to do it before the coins are marked tainted of course (similar to lightning strategy).

4 Possible solutions to censorship issues

Anonymous cryptocurrencies such as Monero do not suffer from this problem, at least not so much. The sender, recipient, and amount sent are not visible in the Monero transaction. The Monero transaction refers to your input and ten other inputs.

This might look similar to a bitcoin coinjoin transaction, but there are key differences:

So should we just ditch Bitcoin and switch to Monero? Well, there is a different kind of censorship happening – exchanges are kicking privacy coins out. Most recently ShapeShift.

Here comes the Bitcoin network effect. It is enough if there is one exchange in the world that exchanges Monero for clean untainted Bitcoin without KYC and then any Bitcoin exchange can change it to fiat or anything else. Such exchange, of course, involves two fees (Monero for Bitcoin and Bitcoin for fiat), but it is still possible.

I call this rule “crypto to crypto fungibility”. Crypto to crypto exchanges are not so easily regulated and all it takes is one that works reasonably well and it does not matter if someone bans one cryptocurrency. It is a “ban all or none” effect in practice.

5 Two Bitcoins

It is very likely that hard core Bitcoiners will try to resist such censorship. And that’s good. One question is: how is it possible technically? A soft fork is a completely valid chain, with following the consensus rules and a majority soft fork will just be Bitcoin. It is hard to enforce that a miner includes a transaction. Consensus rules are good for excluding transactions. Even if there is a hard fork or a checkpoint that all nodes agree on and that includes a tainted transaction, right from the next block a soft fork can continue and censor transactions, including the outputs of the mined tainted transaction. So you can not easily “fork yourself off” to a censorship resistant fork. Censorship decisions are made in each new block. You have to win this fight one block at a time, forever, until the end of timechain.

All this can result in two types of Bitcoin – KYCed and clean vs “black market” Bitcoin. Whether they will live on one blockchain or Bitcoin will be divided into two forked chains depends mainly on the miners and exchanges and their willingness to succumb to the regulatory pressure of the regulators and violent coercion if they fail to comply.

A paradoxical solution might be to change the hashing algorithm, which would significantly reduce network security (Bitcoin’s Proof of Work currently makes Bitcoin the safest blockchain on the planet). In this way, two Bitcoins would also probably be created – less safe, less regulated and mined in the kitchens all over the world and on the other hand safer but heavily regulated. Where it goes from there, no one knows. Is this enough to avoid censorship? Probably not. Introducing better privacy might help, but then why not just use Monero?

Thus, the majority hashrate (i.e. miners who control more than half of the power of the network) decide on censorship. These are companies that have their managers, buildings and state licenses. If decentralized mining pools do not have an absolute majority, it will pay off financially to mine on a regulated pool, as we said above.

The idea that a large miner will “rebel” and move to p2pool (or use Stratum2 and create their own blocks, not dictated by a pool) and problem solved is very naive. Mining companies that control significant hashrates need to achieve a return on their investment in the first place. They are very conservative, don’t want to risk losing rewards by mining blocks that are later orphaned. So the main incentive is not “the government will kick our door if we mine this transaction”. The incentive is simple “let’s kick out all the hashrate that does not comply, more block rewards for us and make sure that no one will kick out our hashrate”.

Bitcoiners like to signal the virtue of running their own node and how this makes sure that all rules are followed and helping to decentralize the network. While this is nice and I applaud everyone who runs their own node, decentralization from the point of view of censorship is mainly about miners, and running one’s own node will not help in any way.

(Of course, we can create new rules – blocks that do not involve censored transactions with a sufficient fee to reject as blocks of censors. This has several problems though – how do you know that everyone sees this transaction? If there is already a consensus about transactions, you would not need miners. So this is nicely said, but very difficult to actually achieve. It would probably also lead to two Bitcoins – guess which version would Coinbase, Kraken, Binance, Bitstamp,… and for that matter Microstrategy run?

6 Conclusion

The idea of ​​the unstoppability and uncontrollability of Bitcoin is, in my opinion, an outdated concept. In the past, we could not imagine what censors and regulators could do. We thought that a rule like the crypto travel rule from FATF that is already in force was pure sci-fi – how could states agree to regulate all exchanges in the world the same way? They cannot even agree on the type of power outlet! Yet, it happened. FATF rules are enforced globally through network effects. These rules apply in Europe, the US and China as well. Without any need for elected officials to pass it through democratic rituals. The way that power and enforcement works in the last few years has changed dramatically. While Bitcoiners still believe it is not possible, we are being regulated more and more – and using power structures that have nothing to do with the ideals of democracy. One office in OECD office in Paris is writing worldwide AML regulations. Another office in the same building created the reporting standards that invade our privacy (the Common Recording Standard – CRS). Payment networks create and enforce their own regulations – even outside their users!

What can we do to make sure this dystopia does not happen? Build a parallel society that does not rely on regulated services (shops, courts, exchanges, …). Treat anonymity and privacy as a feature. A core feature. Reject any KYC-requiring service in principle and become an ethical crypto dealer. Buy and sell crypto. Support any services that do not ask for our identity. Promote, build and use decentralized exchanges, ATMs, and local in-person crypto exchange communities. And build a crypto economy that blatantly rejects these ideas, but not only on social media, but in reality.

If the split of Bitcoin into regulated and unregulated really occurs, the unregulated one should have the greatest network effect, the greatest economic power. It should be the Bitcoin, in which we settle small debts with friends and family. The Bitcoin with which we buy vegetables that someone else grew in their garden. And we should also support cryptocurrencies like Monero, which are not traceable and their censorship is much more difficult to achieve. It is not that hard to admit, that privacy is a good thing to have, even if you are a “Bitcoin is hard money maximalist”. They play along nicely.

If this Bitcoin’s global censorship really takes place under the leadership of states or other AML organizations, we should have the strength to say “we don’t want this centralized coin, it’s the same shit as your central bank issued digital fiat money.” And “no, thank you.”

And the time to start building this situation and this network effect is now.

7 Learn more

A Twitter thread about how this attack unfolds with 10% hashrate enforcing censorship and what is the cost-benefit analysis for individual miners.

I made a course about how to settle small debts among friends and family and use Lightning network to pay through non-KYC exchanges. If you have never tried Lightning network and don’t know where to start, this might be a good start. Open channels when fees are low, you can thank me later.

I also produce a podcast dedicated to increasing our options, thus increasing our freedom. It’s called Option Plus Podcast. There are episodes about opting out, strategies for being more free here and now. If you want to learn more about strategy of parallel societies, I recommend a Cypherpunk Bitstream episode, where Smuggler and Frank invited me and Martin to talk about Parallel Polis – a strategy to achieve more liberty in a communist dictatorship of former communist Czechoslovakia. Yes, we can use this strategy today.

If you want to learn more about financial surveillance and how it applies to crypto – and especially how it is made and enforced outside of parliaments and governments, check out my talk from HCPP on Financial Surveillance and Crypto Utopias.

You can also follow me on Twitter @jurbed.

Creative Commons License reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F
This work is licensed under the Creative Commons Attribution 4.0 International License.