Stowaway – Idelto

Animated cover image by @artdesignbySF.

When it comes to defensively guarding the privacy of Bitcoin users, Samourai Wallet has been on the bleeding edge for many years, bringing new features and improvements to users that help achieve anonymity through Whirlpool, its CoinJoin implementation, and to maintain privacy with spending tools like Stowaway, Stonewallx2, Ricochet and PayNyms. Samourai Wallet is also the only Bitcoin wallet to date that has implemented BIP 47.

Additionally, it recently implemented the app-agnostic, Tor-based communication layer Soroban. Soroban brings tremendous UX improvements to users engaging with its collaborative transaction framework, “cahoots,” with tools like Stowaway and Stonewallx2. (Read more about Cahoots transactions and the UX evolution of building the transactions manually versus using Soroban here.)

Maintaining privacy while using Bitcoin requires paying close attention to the way your transactions are being built; which inputs are being used and what kind of history your inputs are bringing with them. Common input ownership heuristics (CIOH) are used by chain analysis companies to surveil Bitcoin users. These heuristics make the assumption that when there are multiple inputs to a Bitcoin transaction, those inputs belong to the same entity. Techniques can be used to break these assumptions, thus rendering the ability of a chain analysis company to maintain such assumptions utterly indefensible.

One technique used in the fight for privacy is a tool brought to you by Samourai Wallet called Stowaway. When someone wants to enhance their privacy while sending bitcoin, they can choose to use Stowaway, which will obfuscate the amount of bitcoin being sent in the transaction.

For example, if Bob wants to send Alice a Stowaway transaction of 0.015 bitcoin, they will both collaborate by providing inputs to the transaction. Then, one output will be given back to Bob as his change and the other output will be given to Alice with her contribution and payment. However, none of the inputs or outputs will match the 0.015 bitcoin amount.

It is necessary for Alice and Bob to communicate the timing of their transaction out of band, meaning that, in the examples below, Bob will have contacted Alice using a communication method outside of the Samourai Wallet application, such as a phone call, an end-to-end encryption text, a secure email, etc.

To an external observer of Alice and Bob’s transaction, there is no way of determining the actual amount that was sent. The external observer can also no longer make any assumptions about the ownership of inputs and outputs to the transaction. When the external observer looks at Alice and Bob’s transaction on-chain, this is what they will see:

Cahoots transactions can be built between collaborators using Soroban, which makes the process much faster and smoother. Soroban communications happen over Tor. Here is a video example of Alice and Bob’s Stowaway transaction (this video can also be found on Samourai Wallet’s YouTube channel here, and with Spanish subtitles here.)

Alice and Bob have enhanced their privacy by breaking the common input ownership heuristics. Now, any multi-input transaction being looked at by a chain analysis company must be considered to have been a cahoots collaboration.

Here is a detailed Stowaway infographic designed by @BitcoinQ_A, which can also be found here among many other great resources:

Learn More With #GretasFury

There is growing interest from the Bitcoin community in privacy enhancing tools like Stowaway, PayNyms and BIP 47. On February 28, 2021, a group of Bitcoin privacy advocates launched operation #GretasFury. Designed to interrupt common input ownership heuristics by passing a payment torch of 1 sat transactions using Stowaway, operation #GretasFury brought together dozens of users from around the world. Each collaborator anonymously participated in the torch passes by using their PayNyms. Each Stowaway transaction that was made utilized Soroban communications over Tor. Participants managed the timing of their transaction with out-of-band communications over applications like Telegram and Matrix.

Operation #GretasFury was organized by @biTcOinEneMiEs who maintains bitcoinenemies.com, an awesome self-hosted website focused on sharing Bitcoin related privacy resources, projects, and community engagement. Operation #GretasFury was a terrific way to motivate people to try out some of the available privacy tools in a way where there was a lot of community support and many seasoned participants available to answer questions and not only pass the 1 sat torch but to pass the torch of knowledge to new users.

Various sponsors donated prizes to the event to generate a sense of friendly competition as well.

I had a chance to ask @biTcOinEneMiEs a few questions about the event and here is what we discussed:

What made you want to put operation #GretasFury together?

We had a lot of fun with PayNym Torch. BIP 47 changes bitcoin UX in a profound way. When Soroban was released by Samourai Wallet, it presented an opportunity to pass a PayNym torch without the commit transaction.

Soroban also eliminated QR code workflow for Stowaway and Stonewallx2 transactions. That was a much bigger deal. These transactions are nothing new, but suddenly a massive friction is gone. Without going into all of the reasons why cahoots transactions are amazing, we had to follow it up. If you thought PayNyms were cool, wait until you try them with Soroban and cahoots without a commit transaction.

Who were your sponsors?

This all transpired in Keybase’s tx_tricks in December. The group did its first Soroban Stonewallx2, and the idea of a torch came shortly after. We kicked around some ideas before @SamouraiDev inspired us with the 1 sat Stowaway.

We didn’t contact sponsors until a couple of days before launch. I wasn’t sure what we’d really get but it was a massive outpouring of support, no questions asked. Fifteen different sponsors have contributed already. Big thanks especially to Mamushi Mobile for the Copperhead Pixel, Ronin for its new node and Foundation for two of its new Passports. These guys have really upped the excitement around #GretasFury.

How many participants and passes of the torch have you seen?

We’ve had 33 participants and 83 passes.

Why should people care about common input ownership heuristics?

These are techniques used in chain analysis. The most nefarious use them everyday. False positives are rampant, but this won’t prevent the analysis from being used until it stops working for more than just the criminals. Average people need to say no as well.

CIOH can be crushed. The people that need to do so already are. It’s within our grasp too, with tools like Soroban Stowaway. An average Joe can pull that off today.

#GretasFury lets us learn this in a fun way, and together, send the signal of just how worthless CIOH are to catching bad guys.

In conclusion, use the tools. There are some amazing resources out there that significantly improve your privacy and help you achieve and maintain your anonymity. It is a lot easier to form good habits from the beginning rather than trying to break bad habits down the road. If you are new to Bitcoin, I encourage you to really think about the advantages of keeping your KYC out of Bitcoin and defensively guarding your privacy.

To learn more about the tools Samourai Wallet offers, check out its website or engage with the Samourai Wallet community on its Telegram channel. Or, if you’re interested in getting an overview of the Samourai Wallet and Ronin Dojo full stack, check out this guide.

A version of this article can be found on Twitter as a thread here.

The post Using Stowaway, A Privacy-Enhancing Tool From Samourai Wallet appeared first on Bitcoin Magazine.

On Jan. 24, Adam Gibson, author of Waxwing’s Joinmarket blog, wrote about an interesting Coinjoin concept called Payjoin. The protocol further obfuscates the ownership of UTXO inputs during a Coinjoin transaction mixing cycle. According to Gibson, the Payjoin technique is “another nail in the coffin of blockchain analysis.”

Also read: Mystery Bitcoin Miners Are Altering Mining Pool Dominance

Payjoin Bitcoin UTXO Mixing Method Improves Coinjoin’s Privacy Technique

Over the past few years, blockchain analysis has kicked into high gear as law enforcement and governments have begun heavily funding companies that offer this service. On the opposite side of the spectrum, cryptocurrency privacy advocates have been building applications that make bitcoins more fungible. One way of adding privacy to bitcoin core (BTC) and bitcoin cash (BCH) transactions is a method called Coinjoin. The practice combines multiple payments from multiple entities into a single transaction. This technique makes it difficult for blockchain analysts to find each derivation point and the identity of the spenders. The Joinmarket project uses the Coinjoin method and allows users to mix their coins and keep control over their private keys throughout the process. The application also incentivizes people to add liquidity to the market by providing users with the ability to charge fees. However, Gibson notes that a traditional Coinjoin transaction is susceptible to looking different to typical unmixed transaction.

Bitcoin Mixing Concept Payjoin Makes a 'Huge Mess' for Blockchain Surveillance — **A Coinjoin BTC transaction.**

This is because a Coinjoin uses precise and multiple equal-value outputs, which essentially showcases an anonymity set. Repeated mixing rounds create a much larger anonymity set, but they are still noticeable by a trained blockchain analyst. Essentially the Payjoin concept allows Bob to create an “obfuscation of ownership of the inputs without it looking different from an ordinary payment” with his customer Alice. Gibson’s research details that he’s not entirely sure who came up with the Payjoin idea, but he’s seen it mentioned in a blog post written by Matthew Haywood last summer and a Bitcoin Improvement Proposal (BIP) published by developer Ryan Havar.

Payjoin’s Four Advantages

Gibson’s study also emphasizes that there are four fundamental advantages to the Payjoin concept. The first is hiding the payment amount and Gibson states that blockchain analysts see this as “a huge mess.” Advantage two is breaking heuristics and doing so without flagging that breakage has occurred. “This is enormously important, even if the breakage of the assumption of common input ownership on its own seems rather trivial (especially if Payjoin is used by only a few people), with only two counterparties in each transaction,” Gibson remarked.

The next benefit is Unspent Transaction Output (UTXO) sanitation and Payjoin bolsters this action by making each payment that comes in consume the UTXO of the last payment. The last advantage is hiding out in a large crowd, which basically makes anonymity sets “indistinguishable from ordinary payments.”

“Let’s say 5% of payments used this method — The point is that nobody will know which 5% of payments are Payjoin — That is a great achievement because it means that all payments, including ones that don’t use Payjoin, gain a privacy advantage,” explains Gibson’s post.

The author conceded:

This is another nail in the coffin of blockchain analysis — If 5% of us do this, it will not be safe to assume that a totally ordinary looking payment is not a Coinjoin.

Gibson explains that right now there are only two services providing this type of Coinjoin solution: Samourai Wallet’s Stowaway, and Joinmarket 0.5.2 which was just released. Gibson has published a demonstration of Payjoin in his prior blog post and notes that while helpful in a peer-to-peer fashion, both Stowaway and Joinmarket are not ready for large scale merchant automation.

What do you think about the Payjoin concept? What projects do you see improving cryptocurrency fungibility? Let us know what you think about this subject in the comments section below.

Image credits: Shutterstock, Waxwing’s blog, en.bitcoin.it/wiki/Coinjoin, and Pixabay.

Want to create your own secure cold storage paper wallet? Check our tools section.

The post Bitcoin Mixing Concept Payjoin Makes a ‘Huge Mess’ for Blockchain Surveillance appeared first on Bitcoin News.