ZeroLink Test Aftermath — Best Anonymity Set Successfully Achieved: 26, General Evaluation: Unsuccessful, Reason: Scaling Issues With Networking

First of all: a big thank you to everyone who participated! I must admit, I could not hold my tears back seeing the tremendous amount of support and activity this community carried out. Over 100 people participated in the testing and many gave invaluable feedback. For this reason I feel terrible and I must apologize for the unsuccessful outcome of the testing.
It must be said, CoinJoins were happening, they are even happening right now as I write these lines, but not at the scale I hoped. Overall, various networking issues prevented the software from properly coordinating hundreds of peers at once.

Claiming The $10 Participation Reward

Please send me an email to This email must contain your Bitcoin address and a transaction hex.
Obtain this transaction hex from HiddenWallet by building a transaction with a mixed coin and clicking the “Copy Transaction Hex” button. However, do not broadcast it to the network; cancel it instead. If you broadcast it, then anyone would be able to claim your money from me.

I will wait a couple of days for everyone to claim their participation reward, then I will pay it out by batching (one transaction — many outputs).

What Went Wrong?

A smaller issue was that firing up some virtual machines to mix or running some scripts is not the same as letting 100 users with exotic Linux distributions stress test a piece of software.

But the main issue originated from the nature of integration testing: tests are supposed to give you fast results. If a test takes days, it is probably not a good test. I have such tests in HiddenWallet, believe me, they are not fun. But what happens when real users are registered to the mix for days? Turns out nothing good, and I wasn’t prepared for that.
Many quietly lost their web socket connectivity. Poor guys, some of them may still think they are mixing.
Many got an error message: “the coordinator went offline”, which didn’t mean the coordinator went offline. It actually meant the client went offline: if you lose your internet for a moment, then you stop mixing, without the coordinator knowing about it. Totally misleading.
There were some other issues, but these two added up to 80% to 90% of the problems.
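One way to make both failure modes visible, as an added example that is not HiddenWallet's or the ZeroLink coordinator's code: the coordinator counts only peers with a recent heartbeat toward the round, and the client tells "my link dropped" apart from "the coordinator is silent". The `Round` class, `client_status`, the 60-second timeout and the threshold of 90 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Round:
    """Coordinator-side view of one input registration phase (hypothetical model)."""
    min_anonymity_set: int
    heartbeat_timeout: float  # seconds of silence before a peer counts as gone
    last_seen: dict = field(default_factory=dict)  # peer id -> last heartbeat time

    def register(self, peer_id, now):
        self.last_seen[peer_id] = now

    def heartbeat(self, peer_id, now):
        # A pruned or unknown peer is told to re-register instead of
        # being left to believe it is still part of the mix.
        if peer_id not in self.last_seen:
            return "not-registered"
        self.last_seen[peer_id] = now
        return "ok"

    def prune(self, now):
        """Drop peers that have been silent longer than the timeout."""
        stale = [p for p, t in self.last_seen.items()
                 if now - t > self.heartbeat_timeout]
        for p in stale:
            del self.last_seen[p]
        return stale

    def can_start(self, now):
        # Only peers that are provably still connected count toward the set.
        self.prune(now)
        return len(self.last_seen) >= self.min_anonymity_set

def client_status(last_ack, now, heartbeat_timeout, local_link_up):
    """Client-side message that does not blame the coordinator for a local outage."""
    if now - last_ack <= heartbeat_timeout:
        return "mixing"
    return "coordinator unreachable" if local_link_up else "you are offline: re-register"

def simulate():
    # Constructed scenario with the post's numbers: 99 registered, 38 stayed online.
    rnd = Round(min_anonymity_set=90, heartbeat_timeout=60)
    for i in range(99):
        rnd.register(f"peer{i}", now=0)
    for t in (30, 60, 90, 120):
        for i in range(38):
            rnd.heartbeat(f"peer{i}", now=t)
    dropped = len(rnd.prune(now=120))
    return dropped, len(rnd.last_seen), rnd.can_start(now=120), rnd
```

With this accounting the coordinator sees 38 live peers long before the round is kicked off, rather than discovering the drop-outs at connection confirmation.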


TX With 26 Anonymity Set

The best transaction that has been created and broadcast to the network achieved an anonymity set of 26:

TXs With 7 Anonymity Set

There were also some mixes that happened with an anonymity set of 7.

No Performance Issues

Another positive thing: I was worried the coordinator does too many things locally and it takes too long. However, it turned out my worries were not justified. There was a time when 38 users successfully reconnected to the mix within seconds, which is quite impressive, because when an input registration request arrives at the coordinator, it does quite a lot: it signs, verifies, checks UTXOs, and does a bunch of other things per user. Plus I implemented it with locks, I prevented asynchronous execution, so I can have cleaner and more stable code at the expense of performance.
Actually, this was the main reason why I wanted to do a testnet testing with 100 people. I was afraid things would take long and the mix would get aborted, but the speed of the expected bottleneck was convincing. I’m happy about it.

No Coins Lost

Plus coins were not lost. Not like it would be possible at any point, but it may be worth mentioning.

People Get Bech32

Bech32 is a new type of Bitcoin address for native segregated witness scriptPubKeys. While its adoption is pretty weak, surprisingly nobody had any problem grasping it.

Event By Event

1. Experiment: Submitting to /r/DarkNetMarkets

I started with a little experiment. It is not an overreach to say that “mainstream Bitcoiners” are disconnected and have no idea what is going on on the dark web, even though they regularly comment on it. I bet you cannot even answer basic questions. Do they still mainly use Bitcoin or are they into Monero and ZCash? Are they into Bitcoin Cash or Litecoin? Are the high Bitcoin fees destroying their business model? I was curious about how knowledgeable and helpful they are and generally what the sentiment is, so I sent in my blog post about testing to /r/DarkNetMarkets first. This submission resulted in 3 people joining the mix.

I cannot say I became much smarter, but there were some interesting things I can add as a sidenote.

I. Insane usernames

Holy shit, you are literally afraid to reply to someone with a name like this.

II. Monero shilling

In the first couple of hours I was getting upvotes and some supportive comments, then this guy commented and the downvotes started to come in. Fast.

2. Tweetstorm

I notified shinobymonkey from Block Digest podcast about the mix, he mentioned it in the livestream, also tweeted it, then he tweeted it, shortly after I tweeted it, too. It started trending like fire, someone sent it to /r/Bitcoin, some news outlets were writing about it and shortly, within three days, the mix reached the 100 people target. But let’s not go that far ahead just yet.

3. Early Issues

Not much went wrong here, other than expected cross platform issues. They are unavoidable, they must be slowly debugged and fixed. However, there was a balance corruption issue that was worrisome and must be looked into in more detail.

4. I Realized The First Round Will Fail

This is normal behavior, but it was not ideal for this testing session, so I was looking for ways to solve it. We decided to set the maximum anonymity set of the next round to 90, in order to plan for 10 fallout users, and set the input registration timeout for the next round to 12 hours, just in case.

5. 99 Anonymity Set Reached

So I fired up the 100th peer and kicked off the test. As expected, the test timed out in the Connection Confirmation phase.

6. 38 Users Remained And Automatically Reconnected

This was unexpected. More than half dropped out without the coordinator noticing. Why? As explained before, it was because people silently lost websocket connectivity or internet connection somewhere in the past days.

7. Switch To Plan B

Alright, the test failed, let’s try to make some CoinJoins. So I lowered the next round’s minimum anonymity set to 7 from 21 and the input registration timeout to 3 minutes.

After 12 hours, another round was attempted. As expected, people dropped out, then 26 reconnected and executed a mix successfully.

From here on, 7 anonymity set mixes started to run. It went on for a while. To be fair, this part of the test was quite successful, when people finally didn’t have to wait hours for a mix to start, but 7 is not the same as 100.

Moving Forward

There is not going to be another testnet testing. We identified the main problems and we will fix them.

The good news is, I don’t have many new things to add anymore, well, except Lightning and Confidential Transactions, but not anytime soon. From here on, stabilization and user friendliness are the goals. 2018 will be the year when anonymity is shipped to Bitcoin after all.

Cross Platform Issues

Boring, mechanical work to debug them. But at least it is easy. These will be fixed issue by issue.

Connectivity Issues

The network connectivity part must be rewritten from scratch. We made many compromises here that eventually led to the downfall of this test. It is better if we take a step back and carefully consider what the best way is to move forward with this.

Balance Corruption / Performance Issues

HiddenWallet is a full block downloading SPV wallet. This means we are downloading full blocks from the creation of the wallet. In order to make this work, I had to write almost everything from scratch, things that wallet developers never have to. This led to complex code and some performance issues. Now almost a year has passed since I did it and I learned a lot. I could do it much better today.
Generally there are two directions I can go to improve upon it. I could either replace parts of the back end with Bitcoin Core, whose performance and stability are impossible to compete with. In this case I could even start contributing to Core and try to push Jonas Schnelli’s full block SPV implementation forward into Core. If that got into it, I would really have no reason to go with the current custom code in HiddenWallet.
The other direction is to implement something new. A few privacy preserving wallet architectures have appeared since I started working on HiddenWallet. At least at the idea level.
(1) I could do some smart things. For example, with a minimal amount of user interaction, the user would not have to download so many blocks, but we could smartly figure out which blocks he has transactions in.
(2) I could also implement a centralized model, where the server is a blockchain analysis software, too, and its only purpose is to try to filter out which transactions the clients 100% cannot be interested in.
(3) Or look at Neutrino, which may very well end up as the default LN wallet architecture. Although it needs server side code to be pushed into Bitcoin Core, which is quite a job, and I am still not 100% convinced about its privacy properties just yet.

Improving ZeroLink Specification

ZeroLink doesn’t have privacy flaws, but it has some user experience issues. I learned so much during the past few months that I would be able to add many minor improvements, maybe some major ones, too, maybe I would even come to a groundbreaking realization or something. It might be worth a try to revisit and look through some of the new research that’s been dropped onto my desk since then, but I didn’t have the time to evaluate it.

Final Words

Again. A BIG THANK YOU to everyone who participated and I am very sorry for the unsuccessful test. A special thanks to Matthew Haywood for his work on HiddenWallet. Stay tuned, I’ll keep working on open source and on Bitcoin’s privacy, and launch ZeroLink in 2018! Merry Christmas and Happy New Year!