This is the second part of our December cover story. Click here for part 1.
Where 2017’s dizzying price highs embedded “hodl” into the public consciousness, 2018 was the year that “buidl” became a trend in the crypto-industry — and Bitcoin was no exception.
Anticipated in Bitcoin Magazine’s first cover story of the year, Bitcoin’s technological progress only accelerated in 2018. Improving Bitcoin from around the world, developers and entrepreneurs furthered Segregated Witness adoption, rolled out the Lightning Network, released privacy solutions, realized sidechains and made progress on a Schnorr signature solution — all of which were still around the corner only a year ago.
Following up on January’s cover story, 2018’s closing two-parter cover story explores how these five technologies progressed.
In part two: privacy, sidechains and Schnorr signatures.
Privacy Solutions
Two of the most promising privacy solutions that were proposed over the past few years — TumbleBit and ZeroLink — were both on the verge of release at the start of this year.
TumbleBit is a coin-mixing protocol first proposed in 2016 by an academic research team led by Boston University’s Ethan Heilman. TumbleBit uses a (centralized) mixer to create off-chain payment channels between several participants in a mixing session. Everyone ends up with each others’ coins, breaking the transaction trail for all. Importantly, clever cryptographic tricks ensure that even the mixer can’t establish a link between the users and their transactions.
Excited by this potential, NBitcoin developer Nicolas Dorier and privacy-focused Bitcoin developer Ádám Ficsór (as well as several others) went a long way toward implementing the solution in the two years after it was first proposed. In early 2017, Stratis, the company behind the Stratis platform and token, even hired Ficsór to implement the technology in its Breeze wallet, which also supports bitcoin.
However, back in July 2017, Ficsór had come to doubt the real-world potential of TumbleBit. The solution needs a relatively large number of on-chain transactions for each mixing session, potentially making it cumbersome and expensive to use.
“I did not and I do not think anyone else ever thought through TumbleBit’s Classic Tumbler’s economics as I did now, in a high Bitcoin fee environment where we are inevitably going towards,” Ficsór wrote in a Medium blog post at the time. “To be completely honest, after I wrote all these down I became pretty disillusioned.”
Ficsór and Stratis did complete the project. After years of high anticipation, TumbleBit was finally released in the Breeze Wallet in August of this year. But by then most of the enthusiasm around the project seemed to have waned. Breeze’s TumbleBit stayed off the radar of many, and because of that, usage statistics are presumably low.
Instead, much of the effort to realize a more private Bitcoin shifted to the other major privacy solution: ZeroLink. Based on “Chaumian CoinJoin,” first proposed by Bitcoin Core contributor Gregory Maxwell in 2013, ZeroLink is a privacy framework first announced in August 2017 by the same Ádám Ficsór.
ZeroLink allows several users to mix their coins in a big transactions that sends coins from all participants in a mixing session to all other participants. It has similar requirements (a central server) and benefits (breaks the trail of transaction) as TumbleBit, but Ficsór believes the trade-offs are preferable, most notably because ZeroLink requires fewer on-chain transactions.
To realize ZeroLink, Ficsór set up his own Bitcoin privacy-focused company this year, zkSNACKs, which he first publicly revealed at the Building on Bitcoin conference in Lisbon in July.
A rebrand of his initial “Hidden Wallet” project, zkSNACKs’ flagship product is the Wasabi Wallet, a desktop wallet with additional privacy features based on the ZeroLink framework. Besides Chaumian CoinJoin, this, for example, includes compact-client side block filtering: a privacy enhancing solution for light clients that don’t download the entire Bitcoin blockchain.
The Wasabi Wallet was officially released on October 31 of this year, on the Bitcoin white paper’s 10th birthday. While still far from mainstream, Wasabi Wallet has already become the go-to privacy option for many of those that care about privacy the most. According to GitHub statistics, the wallet was downloaded thousands of times in the first few months since its release. And, according to the Wasabi Wallet’s website, it has mixed almost two thousand coins already.
“Honestly, I’ve been astonished by the user growth and social media activity. If this keeps up we will finally be able to think about liquidity dependent privacy solutions, for example to allow direct sends through mixing,” Ficsór told Bitcoin Magazine. “Exciting times.”
The ZeroLink framework is being adopted as a standard by other wallets as well. The new (and so far relatively unknown) Bob Wallet announced in March that it is developing a ZeroLink implementation. In August, privacy-focused Samourai Wallet announced a mobile ZeroLink implementation called Whirlpool. And Stratis’ Breeze Wallet initially showed interest as well.
On top of TumbleBit and ZeroLink, more privacy solutions were rolled out this year, and even more are in development. For a full overview of privacy technologies that were released in 2018 or currently in development, see Bitcoin Magazine’s September cover story: Bitcoin as a Privacycoin: This Tech is Making Bitcoin More Private.
Stratis (the company behind the Breeze wallet) did not respond to a request for comment on this story.
Sidechains
A highly anticipated technology for several years now, sidechains are alternative blockchains with coins pegged to bitcoins. This allows users to effectively “move” bitcoins across blockchains, allowing them to operate under different protocol rules, for example to enable faster confirmation times or to provide more privacy. In essence, sidechains would offer all the technical benefits of altcoins while maintaining Bitcoin’s 21 million coin limit.
Liquid
While the blockchain development company has since expanded its mission, Blockstream was originally founded in 2014 around the concept of sidechains. Since 2016, it has maintained “Elements,” an open-source sidechain project that showcases what’s possible with the technology. But Blockstream’s first, commercial sidechain project is Liquid, which was announced in 2015.
Liquid is designed to offer a payment rail between exchanges and other service providers, to let traders quickly and privately move funds around and take advantage of arbitrage opportunities. This minimizes spreads across exchanges and increases liquidity across the industry. Called a “federated sidechain,” coins and transactions on the sidechain are secured by a selection of the exchanges and service providers: They are the gatekeepers that move funds from Bitcoin’s blockchain to the sidechain and back.
In October of this year, Blockstream launched Liquid, with its bitcoin-pegged token L-BTC. One month later, it introduced nodes, wallets and a block explorer to the public. Liquid is secured by some of the best-known companies in the industry, including Bitfinex, BitMEX, Xapo, Unocoin, Bitso and dozens others. Italian bitcoin exchange The Rock Trading offered Liquid on- and off-ramps almost immediately after the sidechain launched, and in late November, Bitfinex CSO Paolo Ardoino also indicated Liquid support will be rolled out soon.
Judging by publicly available statistics, Liquid usage is still modest: Some 25 bitcoin are locked up at the time of writing this article, which required 75 transactions to do so. The sidechain processed about 3,400 transactions in total, which amounts to less than a dozen transactions per hour. But the long-awaited technology is live — and growing.
“It’s a good start,” said Blockstream CSO Samson Mow. “We only recently released the client, so it’s about what I would expect. As we have more exchanges exposing integration to their end users, we should see a lot more traffic.”
RSK
Another federated Bitcoin sidechain is RSK, with the bitcoin-pegged token R-BTC. RSK is specifically designed to support Ethereum-style, Turing-complete smart contracts. Like Liquid, coins on RSK are secured by a group of established Bitcoin companies. But unlike Liquid, RSK is also merged-mined with Bitcoin, which means that bitcoin miners use their hash power to create blocks and confirm transactions.
“This ‘two chambers’ idea results in strong security because no single group has too much power and each group has specific responsibility,” said Sergio Lerner, co-founder and chief scientist of RSK Labs, the company building and supporting RSK’s reference implementation. “And like in Bitcoin itself, users of the platform ultimately control the destiny of the protocol.”
In January, the Genesis block was mined and RSK was officially launched. An early announcement suggests that companies in the federation include Bitstamp, Bitfinex, Bitpay, Xapo and BitGo — though RSK has not yet revealed which companies are part of today’s federation, exactly. (A joint public announcement will follow soon.) RSK has also attracted several of Bitcoin’s biggest mining pools: BTC.com, AntPool, Slush Pool and F2pool are merge-mining the sidechain already, accounting for over 50 percent of Bitcoin’s hash power. The R-BTC token is available on exchanges including Bitfinex and Huobi, and the RSK platform itself has been improved a lot as well, said Lerner: RSK performed nine releases throughout 2018 from version 0.4.0 to the current version 0.5.3.
Perhaps even more importantly, according to RSK Labs some 50 projects are by now working on the RSK sidechain that RSK Labs is keeping track of — though most of the projects are, of course, still in very early stages or still in development.
Some of the more notable RSK projects are developed by RSK Labs itself, as well as by RIF Labs, the company that acquired RSK Labs in November. These include a Lightning-like payment channel network called Lumino (which, while incompatible in design, could be bridged to Bitcoin’s main Lightning Network). RIF Labs recently launched the RIF OS project, which is a range of open-source protocols and libraries that will initially run over RSK, which includes a payment network, peer-to-peer storage, name resolution and more.
“The RSK community is expanding, mostly in Latin America and Asia,” Lerner told Bitcoin Magazine, “and we’ve seen an acceleration in the past few months of companies launching solutions built on top of RSK. Further, in 2018 there were over a 100 RSK meetups and conferences around the world. RSK Labs also has an ambassador program to track the ecosystem growth: There are currently 200+ certified ambassadors and over a 1,000 in certification process.”
Drivechains
Finally, a test-version of a drivechain — a product by Tierion researcher Paul Sztorc (previously Bloq) — was released in September. The drivechain sidechain model is not federated but is entirely secured by Bitcoin miners. Leveraging their existing hash power (and combined with technical safeguards to limit risks), miners both act as gatekeepers of the sidechain and confirm transactions on it.
More of a concept than a specific sidechain design, Sztorc hopes that Bitcoin’s future holds a diverse range of drivechains in order to copy many of the features now deployed on altcoins. A potential first drivechain would be a “big block” sidechain for fast and cheap transactions, while Sztorc’s personal interest has always been to deploy a prediction market sidechain.
Development-wise, the drivechain project made steady progress this year, Sztorc said.
“We are on release 12, and 13 is almost finished and has many improvements. Many bugs are being fixed. We are working on making the software perfect for now.”
However, drivechains do require a soft-fork upgrade to Bitcoin’s base protocol in order to be compatible. Such an upgrade was discussed on the Bitcoin development mailing list about a year ago, and an official Bitcoin Improvement Proposal (BIP301) was submitted by Sztorc in early 2018.
Sztorc, however, is doubtful that such a soft fork will be deployed by Bitcoin Core, historically the Bitcoin software application through which most soft forks have been activated.
“I’m pessimistic that I can persuade Core maintainers to merge it in,” he said, “and I am doubtful even that miners would activate it if it were merged, as miner-activated soft forks haven’t happened in a few years, and not at all since SegWit — it used to happen every few months.”
While Sztorc would still prefer that the drivechain BIP be implemented by Bitcoin Core, he is keeping all options open for now. This includes soft-fork activation without help from Bitcoin Core or deployment of drivechains on Bitcoin Cash instead.
Ultimately, Sztorc may even launch a whole new forkcoin with drivechain functionality enabled.
“It would then have the same general feel as a Monero or Bitcoin Cash,” he said. “Some different project.”
Schnorr Signature Proposal
The Schnorr signature scheme is considered by many cryptographers to be the best in the field. Its mathematical properties offer a strong level of correctness, it doesn’t suffer from malleability, it is relatively fast to verify and, in the context of Bitcoin, it would enable nifty new features. Schnorr signatures have, therefore, been high on the wishlist of many within Bitcoin’s technical community for some time now.
While Segregated Witness made Schnorr integration in Bitcoin easier, it’s still a major undertaking — at the start of 2018, this was not realistically expected to be completed by the end of this year.
But good progress has been made.
In July, Blockstream and Bitcoin Core developer Pieter Wuille proposed an initial BIP on the Bitcoin Development mailing list, with input from other Bitcoin Core contributors including Johnson Lau, Gregory Maxwell, Jonas Nick, Andrew Poelstra, Tim Ruffing, Rusty Russell and Anthony Towns.
But the Schnorr signature proposal itself was only the start, Wuille told Bitcoin Magazine. There will be several more BIPs to come as part of the “Schnorr project.”
“The Schnorr BIP defines the signature algorithm itself,” Wuille explained. “There will be another BIP for integrating it into Bitcoin. The next step is to work out all of the details; more BIPs aren’t far off.”
Bitcoin Core developer for Xapo and contributor to Wuille’s Schnorr proposal Anthony Towns sent an email to the Bitcoin-development mailing list last week, detailing several of the additional changes that will be required to realize Schnorr on Bitcoin. These include new sighash flags, discussion of which had been ongoing on the same mailing list since November.
Of particular interest is that Wuille and the other Bitcoin Core contributors are now working on a proposal to implement Schnorr in combination with another big technical upgrade: Taproot.
Taproot was first proposed in January of this year by Bitcoin Core developer Gregory Maxwell (who also contributed to Wuille’s Schnorr proposal). Leveraging several Schnorr-based tricks, Taproot can realize a solution much like MAST: it would let users create a sort of data-efficient smart contract. But interestingly, under normal circumstances, these smart contracts would be indistinguishable from regular payments.
Practically speaking, Taproot would, for example, allow users to open and close Lightning Network channels, or make payments that require cooperation between multiple users, or make certain types of protocol-enforced bets without anyone besides the parties involved being able to notice that is what’s happening — a boon for privacy.
Still, the initial Schnorr implementation will probably be straightforward relative to what the signature algorithm could ultimately enable, Wuille said. Many of these more complex features will only be added later.
“Signatures interact with many other parts of the protocol that need to be worked out, so it seems more reasonable to first integrate Schnorr and Taproot. That will offer a number of benefits already, like verifying most spends with a single signature, and without needing to disclose a script,” Wuille explained. “Once we’ve implemented Schnorr in Bitcoin there is a good number of things wallets can do, including multisignatures and threshold signatures. The nice thing is that these features don’t require their own consensus rules.”
Edit note: Pieter Wuille’s comments were translated from Dutch.
This article was updated for accuracy.
This article originally appeared on Bitcoin Magazine.