A Battle Between Bitcoin Wallets Has Big Implications for Privacy
Bitcoin privacy wallet Samourai announced last Thursday that its primary competitor, Wasabi Wallet, is the target of an ongoing network attack.
The blog post is the latest in a string of allegations Samourai has leveled against Wasabi since mid-July.
The attack, according to Samourai Wallet, resembles a Sybil attack, where a small number of users falsifies new identities and pretends to be much larger in number. This would mean that the anonymity set, or crowd, in which a user can hide their bitcoin transactions is not actually as large as Wasabi suggests.
“As the Wasabi team has described it, the goal of the Wasabi mixing technique, is to hide your [unspent transaction outputs] in a ‘sufficiently’ large crowd (peers),” Samourai wrote in its blog post. “The current target Anonymity Set in Wasabi mixing is 100 peers.”
That means that if, say, 20 of those peers are actually just one user and the identity of this user is uncovered, privacy levels for all other users in the same mixing pool are reduced.
“With bad user privacy, the crowd gets smaller,” independent bitcoin researcher Max Hillebrand explained to CoinDesk. “If you are one of these other [transactions] that have not been de-anonymized [by an attacker] then your anonymity set is no longer 100.”
Samourai says evidence of Sybil attacks on the Wasabi network dates back to January 2019.
Wasabi has issued its own statements refuting Samourai’s claims, while also issuing allegations of their own against Samourai.
As a result, privacy-minded bitcoin users are questioning the true efficacy of either wallet in hiding the identities of its users.
Indeed, the core design of both Samourai and Wasabi actually has more in common than most realize.
Speaking to CoinDesk, the co-founder of Samourai Wallet, who goes by the initials SW, said that at one point in time, Samourai and Wasabi were the same application.
Lead developers TDevD (Samourai) and nopara73 (Wasabi) worked together on building an implementation of long-standing bitcoin privacy tech CoinJoin called ZeroLink.
“We just had a difference in implementation desire,” said SW. “So we split. We forked the project and just implemented it the way we wanted to implement it.”
Samourai’s implementation of ZeroLink (called Whirlpool) has a different pricing mechanism than Wasabi, though this is not the only difference between the two wallet applications. As a result, SW maintains that Whirlpool makes it more expensive for malicious actors in the system to break the anonymity of other users through a Sybil attack.
‘This is madness’
Wasabi’s Adam Ficsor, who goes by the alias nopara73, counters that divvying up costs later on in the process is actually more “cost-effective” and points out that anonymity using Whirlpool can always be broken given that Samourai relies on a centralized, backend server to process users’ extended public keys.
“Fuck you,” Ficsor wrote in a Medium post on July 21. “How can you take a stupid design decision you made and act like it’d be a significant advantage over another project that clearly has its basics right?”
This issue of sending user addresses to a backend server, Fiscor said in a second blog post, was raised by the creator of CoinJoin, Gregory Maxwell. When Maxwell approached the Samourai team with his concerns, he said on Reddit he was harassed and accused of making false claims.
“When you use the wallet, you send Samourai all of your public keys in the form of an extended public key (XPUB) that let’s Samourai have unique access to all of your current and future addresses,” said Aviv Milner, the community technical support lead for the startup behind Wasabi, zkSNACKs.
This matter of Samourai’s reliance on a backend server is one that SW admits does require the trust of users “that Samourai isn’t trying to sell their public key data to third parties.”
As such, experts say there is no clear winner between Wasabi and Samourai.
“[The two] are based on different assumptions,” Hillebrand said, adding:
“One assumes that the coordinator must not be trusted and that everyone knows what the coordinator knows. The other assumption is that there is an inherent trust in the developers and therefore it’s OK to trust central servers. Now, [what you choose] really depends on the threat model of every individual and each unique case.”
According to Hillebrand, while the basics of the two ZeroLink implementations are the same, in both implementations users are required to take privacy matters into their own hands by ensuring they are abiding by the best practices of the protocol.
Indeed, Kevin Loaec, the managing director of blockchain consultancy Chainsmiths, said any CoinJoin implementation will suffer from the same basic attack vectors.
“Privacy on bitcoin is extremely hard, any mistake from you or other mixing participants will hunt you down in the future as the blockchain is here for all to see,” Loaec told CoinDesk. “The type of wallet you use, the spending habits (time of the day, amounts…) the consolidations you do… everything can be exploited to profile you and reduce the anonymity.”
As such, Loaec, who uses both Wasabi and Samourai wallets, said that for users still deciding on which side of the bitcoin privacy wallet debate to land, there isn’t one right answer.
“Use CoinJoin, but learn about it and don’t assume you are private. Always mix.”
Image via Shutterstock