For all the muss and fuss about its potential criminal applications, as matters stand right now Bitcoin is a good deal less anonymous than the cash economy, and this poses problems. The entire blockchain, and every transaction in it, is public. Bitcoin is pseudonymous, not anonymous: if you know an address belonging to one entity, you can often deduce which addresses belong to its associates, and the tangled web of commerce can be unraveled, sometimes in disturbing detail. For example, if you and your co-workers all elect to be paid in Bitcoin, then when you receive your paycheck you can look up the sending address, find its other transactions, and learn how much your coworkers are making, a figure that ought to be confidential. If you know the addresses of various stores that accept Bitcoin, and you know the address of a private person, you can work out that person's purchasing habits the same way, a huge breach of consumer privacy. This is a major, often unexplored, problem with Bitcoin.
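To make the paycheck and purchasing-habits scenarios concrete, here is an added example (not code from the original article or from any wallet vendor) that runs the two lookups over a small constructed ledger: find the address that paid you, list everything else it paid, and then link a person's addresses to known merchants. It also applies the common-input-ownership heuristic, which the article only alludes to: addresses spent together in one transaction are assumed to belong to the same owner. All addresses, transaction ids and amounts below are made up for the illustration.

```python
"""Following the money on a public ledger: the paycheck scenario.

Added example, not code from the original article.  The ledger is a
constructed toy: each transaction lists the input addresses whose coins
are spent and (address, amount) outputs, with illustrative amounts.
"""
from collections import defaultdict

LEDGER = [  # constructed sample data, not real blockchain transactions
    {"txid": "t1", "inputs": ["exchange_hot"],
     "outputs": [("acme_payroll", 900_000)]},
    {"txid": "t2", "inputs": ["acme_payroll"],                # payday
     "outputs": [("alice_pay", 250_000), ("bob_pay", 320_000),
                 ("carol_pay", 180_000), ("acme_payroll", 150_000)]},
    {"txid": "t3", "inputs": ["alice_pay", "alice_savings"],  # Alice buys coffee
     "outputs": [("coffee_shop", 4_000), ("alice_change", 446_000)]},
    {"txid": "t4", "inputs": ["alice_change"],                # Alice buys a book
     "outputs": [("bookstore", 30_000), ("alice_change2", 416_000)]},
]


def funding_tx(ledger, my_address):
    """The transaction that paid my_address (the 'paycheck')."""
    for tx in ledger:
        if any(addr == my_address for addr, _ in tx["outputs"]):
            return tx
    return None


def payments_from(ledger, payer):
    """Every (address, amount) the payer ever sent, ignoring its own change."""
    result = []
    for tx in ledger:
        if payer in tx["inputs"]:
            result.extend((a, amt) for a, amt in tx["outputs"] if a not in tx["inputs"])
    return result


def coworker_salaries(ledger, my_address):
    """Paycheck scenario: who else does the address that paid me pay, and how much?"""
    payer = funding_tx(ledger, my_address)["inputs"][0]
    return {a: amt for a, amt in payments_from(ledger, payer) if a != my_address}


def cluster_addresses(ledger):
    """Common-input-ownership heuristic via union-find: inputs spent
    together are assumed to share an owner.  Only multi-input spends link."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for tx in ledger:
        for other in tx["inputs"][1:]:
            parent[find(tx["inputs"][0])] = find(other)
    clusters = defaultdict(set)
    for addr in parent:
        clusters[find(addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]


def cluster_of(ledger, address):
    for c in cluster_addresses(ledger):
        if address in c:
            return c
    return frozenset({address})


def purchases_by(ledger, owner_addresses, merchants):
    """Purchasing-habits scenario: payments from an owner's cluster to known merchants."""
    spent = []
    for tx in ledger:
        if any(i in owner_addresses for i in tx["inputs"]):
            spent.extend((a, amt) for a, amt in tx["outputs"] if a in merchants)
    return spent
```

Two things worth noticing when running it. First, the paycheck lookup needs no heuristics at all: the payroll address is simply visible as the input of the transaction that paid you. Second, the input heuristic links `alice_savings` to `alice_pay` the moment Alice spends them together, but it misses the bookstore purchase, because `alice_change` was never spent alongside a known address; a separate change-output heuristic would pick that up, which is why real chain-analysis tooling stacks several heuristics.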
So how do you fix it? How do you take Bitcoin from pseudonymity to real anonymity? There are a few approaches. One, Bitcoin tumblers, are services that pool many people's coins into one wallet and then redistribute them. They provide some privacy, but statistical attacks on amounts and timing are still very possible, and they rely on a centralized or semi-centralized mixing service that sees every link it is supposed to hide. Another approach, proposed by the "ZeroCoin" project, uses mathematical structures known as zero-knowledge proofs to disconnect the sender and the receiver of a transaction: a user proves to the network that they hold a valid coin without revealing which one, so the payment can't be traced back to where the coin came from. The project appears to be in limbo, however, and it's not clear when the technology will reach the wider market.
Now, BitGo, a company that makes secure multisig wallets (the wallet uses three keys, with BitGo holding one of them, for added security), has a novel solution to at least part of the privacy problem. The technology is called "Hierarchical Deterministic Wallets" (HD wallets), and it works like this: the user has a single wallet backed by a single master secret, the seed. The wallet software derives a continuous stream of new private/public key pairs from that seed and uses a fresh address for every transaction. All of the derived keys can be recovered from the seed (if, for example, the wallet files are lost), but the addresses share no visible common origin on the blockchain, so they can't easily be associated with one another. That makes it substantially harder to work out which addresses belong to which user, since their activity can't be correlated. This is not the same level of privacy as a hard cryptographic solution like ZeroCash would offer: every payment is still an ordinary public transaction, and the links are merely harder to find rather than gone. But it is an improvement. One caveat: derivation works in the public direction too, so anyone who obtains the wallet's extended public key can regenerate every address in it and relink them; that key can't spend coins, but it still has to be kept private. As an incidental perk, single-use addresses also limit exposure to attackers with quantum computers trying to recover your private key: a standard address is a hash of the public key, and the public key itself only appears on the blockchain when the address is spent from, so a key that is used once and then retired gives such an attacker nothing to work with. That is a risk we'll need to take more and more seriously as time goes on.
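The derivation itself is short enough to show. The block below is an added example, not BitGo's code or the article's; it implements just enough of the BIP32 scheme that HD wallets are built on to demonstrate the mechanism: a master key from a seed, hardened child derivation, the matching public keys via a minimal secp256k1 implementation, and single-key pay-to-public-key-hash addresses (BitGo's wallets are multisig, which is left out). The seed used in the demo is the one from BIP32 test vector 1; the derivation path m/account'/i' is this example's choice, not a claim about BitGo's layout. Standard library only, so it runs offline; the curve arithmetic is plain double-and-add, fine for a demo but not constant-time.

```python
"""BIP32-style hierarchical deterministic keys, one fresh address per payment.

Added example; not BitGo's code or the article's.  Master key from a seed,
hardened child derivation, public keys via minimal secp256k1, and P2PKH
addresses.  Non-hardened derivation and xprv/xpub serialization omitted.
"""
import hashlib
import hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def _point_add(p1, p2):
    """Affine addition on secp256k1 (y^2 = x^3 + 7); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def pubkey_compressed(priv):
    x, y = point_mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed):
    """Master node: HMAC-SHA512(key=b"Bitcoin seed", seed) -> (priv, chain code)."""
    d = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(d[:32], "big"), d[32:]


def ckd_priv_hardened(parent_priv, chain, index):
    """Hardened child i': HMAC-SHA512(chain, 0x00 || parent_priv || i').
    Hashing the parent *private* key is what stops an extended public key
    from deriving these children; only the seed holder can."""
    data = b"\x00" + parent_priv.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    d = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(d[:32], "big")
    child = (il + parent_priv) % N
    if il >= N or child == 0:  # probability ~2^-128; BIP32 says skip this index
        raise ValueError("invalid child key, use the next index")
    return child, d[32:]


def derive_keys(seed, count, account=0):
    """Private keys for m/account'/0' .. m/account'/(count-1)' (example path)."""
    k, c = ckd_priv_hardened(*master_key(seed), account)
    return [ckd_priv_hardened(k, c, i)[0] for i in range(count)]


_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(payload):
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = _B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out


def p2pkh_address(priv):
    """Address = base58check(0x00 || RIPEMD160(SHA256(pubkey))).  Only this hash
    is public until the coins are spent; the key itself stays hidden."""
    h = hashlib.new("ripemd160", hashlib.sha256(pubkey_compressed(priv)).digest()).digest()
    return base58check(b"\x00" + h)


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test vector 1 seed
    keys = derive_keys(seed, 3)
    for i, k in enumerate(keys):  # three addresses with no visible common origin
        print(f"m/0'/{i}'", p2pkh_address(k))
    assert derive_keys(seed, 3) == keys  # "lost wallet file" recovery from the seed
```

Before trusting any implementation like this, check its master key and m/0' child against the published BIP32 test vectors; the asserts above only confirm that the curve arithmetic and derivation are self-consistent. Note also what the hardened step buys: because the parent private key goes into the HMAC, an extended public key can regenerate non-hardened children but never hardened ones, which is the knob a wallet designer turns when deciding how much a watch-only copy of the wallet is allowed to see.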
The obvious concern for many users is whether these wallets will be easy enough to use. We asked BitGo that very question. The company told CoinReport:
“The technology behind HD wallets is very complex and challenging to implement, but in our case that complexity is handled on BitGo’s side. For the consumer, using a BitGo HD multi-sig wallet is very simple. The fact that it’s HD doesn’t add any complication.”
Will HD wallets catch on? Tough to tell. The technology is definitely useful, but, at least for the time being, it may wind up being outstripped by other, more generally powerful approaches to the privacy problem. Still, progress is progress, and anyone trying to patch some of the major holes in Bitcoin is the good guy, as far as we're concerned.