Wasabi: Privacy Focused Bitcoin Wallet for Desktop

nopara73
6 min readJul 6, 2018

--

(UPDATE) Download Link: https://wasabiwallet.io/

A few days ago I gave a talk at the Building on Bitcoin conference, where I unveiled Wasabi Wallet that will bring Bitcoin Privacy to a new level.

If you are already familiar with my work, Wasabi is HiddenWallet rebranded and rewritten from scratch with some new features. (I explained in the talk why it was needed.)

Summary

  • You can already try it out: https://github.com/zkSNACKs/WalletWasabi
  • The Beta release is on August 1 (on the first anniversary of UASF.)
  • The 1.0 release is on October 31 (on the tenth anniversary of the Bitcoin Whitepaper.)
  • It is open source and cross platform, so it works on every desktop architechture: Linux, OSX, Windows.
  • It is an HD wallet, it uses BIP84 derivation scheme, so it can only generate bech32, native segregated witness addresses.
  • It has advanced coin control features.
  • This is the only truly light wallet that is already deployed and that does not fail against network analysis, thus protects your privacy against network observers. We achieve this by implementing a BIP157–158.
  • The Tor anonymity network is integrated and the wallet cannot be used without it.
  • It complies with the ZeroLink wallet fungibility framework.
  • The wallet implements a trustless Bitcoin mixing technique, called Chaumian CoinJoin and enforces constant 100 anonymity set. This means waiting for peers may take a long time until liquidity catches up, no anonymity system used today in any cryptocurrency comes close to this number. (More on this later.)
  • Unlike today’s centralized mixers, in Chaumian CoinJoin, the coordinator of the mix cannot steal your coins, nor deanonymize you.
  • We take mixing fees of 0.3%.
  • We operate legally, our company is called zkSNACKs. Its website is in development: https://zksnacks.com/
  • The wallet looks like this:

How does it compare to other alternatives?

Cash

Cash is superior, its anonymity set is in the millions.

Banks

Banks are better in some way and worse in some other way. Just like cash, banks provide complete anonymity for you towards most third parties, like your neighbor or your grandma, however you have no privacy towards your bank.

Centralized Bitcoin Mixers

Centralized Bitcoin Mixers are often vulnerable to amount analysis, they can steal your coins and you have no privacy against them. Wasabi solves all these issues.

JoinMarket

JoinMarket is a special type of CoinJoin. You may use it as a taker or as a maker, or in hybrid mode, by running the tumbler script. If you are a taker, you pay the whole transaction and JM fees to every maker you join your coins with. If you are a maker, you must run a script continuously that will generate income for you. As a taker JoinMarket is instant for you. We are planning to make every one of our non-mixing transaction a JoinMarket taker transaction in the future.

Monero

Monero is an altcoin. The anonymity set of Monero is 2–10. Wasabi’s is constant 100. However, in Monero, every transaction is a mixing transaction.

ZCash

The anonymity set of ZCash could potentially be huge. However, unlike Wasabi, it does not enforce any anonymity set and the lack of usage of its privacy features keeps it small for now.

Lightning Network

The Lightning Network is a second layer scaling solution that fixes many privacy problems those are present in cryptocurrencies, but it also introduces new ones. Assuming LN is fully anonymous, there will always be a need for on-chain privacy. But LN is not fully anonymous. LN’s anonymity can be compared to the traditional banking system’s. It also achieves confidentiality within a Lightning Hub, but you have no privacy towards the Hub. However when a payment goes through multiple hubs, LN uses onion routing. That facilitates privacy, assuming the hubs do not collude. Another benefit to LN is that its hubs don’t need to KYC their users. Its downsides are some public information, like the channel sizes, which all nodes know about and the on-boarding and off-boarding transactions. In the future we are planning to facilitate LN on-boarding transactions with our coinjoins.

Frequently Asked Questions

Why is the anonymity set 100?

Sufficient anonymity set is a hard question, that no research attempted to answer it so far. I asked many privacy researchers and it seems to me the rough consensus is that an anonymity set above 50 could be considered sufficient.
Furthermore our calculations have shown that with the liquidity of today’s mixers our mixing rounds would take 1 to 5 minutes with 100 anonymity set and 0.1 BTC fixed denomination.

Do you plan hardware wallet support?

No, we are focusing on privacy features and the stability of our wallet. As long as there are significant improvements to be made on those fields, we are not interested in anything else.

Why are other light wallets not private?

It is easy to see why most light wallets fail here. They are using a backend server to show you your wallet balances. This immediately links together all your wallet addresses to them.

Electrum’s model is a special case. Your Electrum wallet connects to random Electrum servers, ran by anyone, thus your privacy is failing towards those entities.

Bloom filtering SPV wallets are however different, (Bread wallet, AirBitz) they don’t use a backend server, rather they are leaking information to every blockchain analysis company, who are crawling the Bitcoin network for their bloom filters.

Full nodes like Bitcoin Core or full SPV nodes, like Stratis’s Breeze wallet or the previous version of Wasabi Wallet, which was called HiddenWallet were the only good solutions against network analysis.

However one year ago the Lightning Network developers came up with the concept of BIP157–158, which enables light wallets to protect their privacy. They built it, and called it Neutrino, but they could not deploy it to the mainnet until Bitcoin Core starts to serve them, which can take a couple of years.
In Wasabi we built it, too, it works as follows: our backend builds a filter table, that your wallet downloads over Tor. These filters are constant, every wallet downloads the same filter table.
From this table your client can figure out what blocks it is interested in and it asks for those blocks from random Bitcoin nodes one by one. From those blocks it can reestablish your wallet balances.

What has changed since HiddenWallet?

  • We added regression tests.
  • We added cross platform tests and continious integration.
  • We added 10 times more unit and integration tests.
  • I rewrote the Tor library from scratch.
  • We replaced our full block downloading SPV wallet architecture to BIP157–158 architecture to make it a fully light wallet.
  • We rewrote the GUI in Avalonia, which is native .NET. Previously it was written with Electron.

What are the weaknesses of the wallet?

  • It is bech32 only wallet. This means legacy wallets are not able to send money to it.
  • It is mixing to itself, not directly sending.
  • It is round based and until liquidity catches up rounds may take a long time.
  • Rounds have a common denomination, which is currently 0.1 BTC.
  • If someone does not have that much coins, then he won’t be able to participate in the mix.
  • If someone has a lot of coins, he must participate in many rounds.

Final Notes

I am super excited of what we are delivering. I hope I was able to give some of my enthusiasm in this article. We are soon going to be able to use Bitcoin in an end-to-end, fully anonymous way.

--

--