On July 17, the well known Dark Wallet creator and early Bitcoin developer, Amir Taaki, criticized bitcoin privacy methods on Twitter. Taaki claimed that UTXO mixing concepts like Coinjoin were “absolute garbage.” Taaki also knocked other concepts like Mimblewimble and privacy-centric coins like monero as well, claiming that zero-knowledge accumulators will be the “anonymous gold standard” going forward.
Certain methods of privacy-enhancing and transaction obfuscation like Coinjoin were recently criticized by the early Bitcoin (BTC) developer Amir Taaki. The software engineer created the Dark Wallet application with Defense Distributed’s founder Cody Wilson years ago but disappeared for a while.
More recently, Taaki has returned to the crypto community, at least vocally, and he has made a number of critical remarks since then. His statement on Friday was no different, as Taaki tweeted about bitcoin privacy methods and said:
Coinjoin, Coinmix, Coinwhatever – absolute garbage (and I created the first Coinjoin [implementation]). Mimblewimble – interesting but worthless for privacy. Monero – marginally better but not anonymous. Lelantus – decent but still risky. Zero-knowledge accumulators – anonymous gold standard.
In addition to Taaki’s statement, two days later Riccardo Spagni from Monero criticized the Zcash project with a tweet about someone allegedly tracing a z-address to a z-address transaction. An individual was ostensibly able to trace it back to the original t-address. Zcash founder Zooko Wilcox-O’Hearn spoke up about the criticism on Twitter in a series of tweets.
“People think that you should store your crypto in a transparent blockchain like BTC, ETH, or Zcash t-addresses, and then “move it through” something like a mixer, Tornado, or Monero when you want to “anonymize” it— That’s backwards,” Zooko said.
“If you want privacy, you have to store your crypto in a private cryptosystem. You have to store your crypto in a private cryptosystem (such as the Zcash shielded pool) if you want privacy. Then it is safe to move it through a transparent system,” the Zcash founder added.
The scheme just below Taaki’s “gold standard” method, called Lelantus is an extension of the Zerocoin protocol. According to the white paper, Lelantus “extends the original Zerocoin functionality to support confidential transactions, while also significantly improving on the protocol performance— Lelantus’ proof sizes are almost 17 times smaller compared to the original Zerocoin proof sizes.”
Similar to Lelantus, zero-knowledge accumulators or crypto accumulators are lesser-known forms of privacy schemes. The security and cryptography expert Aurélien Nicolas explained how zero-knowledge accumulators work in a comprehensive technical blog post about the subject back January 2018.
“There is a lesser-known technique on the crypto-developer’s tool belt,” Nicolas wrote. “A cryptographic accumulator is a primitive with several exotic properties that can be used to build various zero-knowledge proof systems.” The cryptographer also stated:
We can think of a crypto accumulator as a super-charged hash function that works on sets. A regular hash function, like SHA-3, takes a single message and outputs a fixed-size hash. An accumulator, however, takes a set of values and turns them into a single number, also of constant size. In a sense, accumulators are the asymmetric cryptography cousin of Merkle trees and Bloom filters.
In the Twitter thread with Amir Taaki, the notorious freedom advocate and video streamer Naomi Brockwell asked the engineer about the Bitcoin Cash mixing method Cashfusion. “What about Cashfusion where the outputs are not uniform?” Brockwell tweeted.
Taaki did not respond to Brockwell’s question, but Bitcoin ABC’s Amaury Séchet (deadalnix) answered the question. “By that metric, I’d say garbage. It is clearly better than absolute garbage, but doesn’t quite measure to worthless,” Séchet tweeted in response to Brockwell’s question.
Taaki’s Coinjoin criticism follows the recent Twitter hack fiasco and the blockchain surveillance firm Elliptic claims the Twitter hacker leveraged a Wasabi Wallet. Elliptic noted on July 17, that the company suspected a fraction of BTC from last week’s Twitter scam was transferred to a Wasabi Wallet.
According to the crypto-financial columnist Leigh Cuen, the co-CEO of Zksnacks (Wasabi Wallet’s parent company), Bálint Harmat, told the reporter: “We took a quick look at the addresses. They are not related to Wasabi Coinjoins as of now.”