Paul Sztorc

Independent Bitcoiner, Blog: (link: http://truthcoin.info) truthcoin.info, Projects: (link: http://drivechain.info) drivechain.info, (link: http://BitcoinHivemind.com) BitcoinHivemind.com, Retweet != endorse PGP 16C81597 E76E86E6 C01EF037 AA4B3330 F162C410

Expensive Privacy is Useless Privacy

13 minute read

Expensive Privacy is Useless Privacy

By Paul Sztorc

Posted September 11, 2018

Privacy is impersonation. To be useful, a privacy tech must be [1] cheaper, or at least [2] have costs which are themselves private.

1. Something to Hide

Sometimes, we need to keep a Truly Important Secret.

And I mean “important”. Not a triviality or some piece of gossip – something that we really don’t want anyone else to know. Above: Adam and Eve hide from God. Taken from this website.

A. Resembling The Innocent

In such circumstances, we start to take Secret-Keeping seriously. We need the secret information to remain hidden. We simulate, in our minds, exactly what we think other people are like, and how [we think] that they learn things. We obsess over their ability to conduct which-kinds of research (and at-what-expense). We find ourselves absorbed by their interests and their distractions, over how they spend their “down time” (at parties, or at the dinner table), their expectations for engagement in conversation; which pretexts they will find believable.

For example: an early romance at around age 15.

Eg, the hackneyed “teenage crush”. For example, Teenager 1 will “like” Teenager 2, but will keep this information dreadfully secret! Throughout modern history, many a popular children’s television program has a main character or two burdened with this dire tribulation.

In this situation, we are equipped with this skin-in-the-game, and become much smarter than normal. We intuitively grasp something, that would otherwise pass for complex and arcane Baysian reasoning. It is an essential precept of both privacy and freedom.

It is that keeping the secret also involve keeping a meta-secret.

In other words, you are not only keeping something hidden. You are also pretending that you have nothing to hide. Teenager 1 has to pretend that ‘talking about crushes’ is exactly as boring or interesting as it was before.

B. The Meta-Secret

Once, my mother told me that she had “exciting news” to reveal (in other words, the news had henceforth been secret). But before she said another word, I had deduced immediately that my step-sister-in-law was pregnant – and I was right: this was, indeed, the secret.

I actually would never have just guessed it out of the blue, or assigned it to be likely (if, for example, I were presented with some sort of list of possible events, and asked to estimate their likelihood). But of the possible secrets that my mother could be keeping from me (and would then reveal), it ranked very highly.

If my father revealed that he had “exciting news” to announce, I would then know that he was about to explain that he intends to retire, sell his house in Connecticut, and move to Florida. I do not currently expect him to do this anytime soon. If my brother announced, I would know that he was about to say that he was getting engaged to his girlfriend. Again, I have no current expectations of either. I am not extrapolating from a set of “likely” events – it is only the “learning that a secret exists”, which makes me assume that they are imminent.

Similarly, if I had learned that “a secret exists between my brother and the CIA (or the KGB)”, I would –without knowing what the secret is, exactly– be forced to revise my opinion of him substantially. As I would if I learned that some secret were between him and a ballet school (or an alchohol rehab program, or an HIV clinic).

This concept I call the “meta-secret”. I make no pretense to have discovered it – it is ancient wisdom to all secret-keepers.

"..the most important part of any secret
 is the knowledge that a secret exists..."
-HPMOR, Chapter 48

C. Publicly Hiding Something

Imagine that Adolf Hitler shows up at your house, and asks you if you are hiding any Jews in your attic. He wants to send all of the Jews and the Jew-lovers into the furnace and burn them all alive, basically for no real reason.

And imagine that you are indeed sheltering some Jewish people in your attic. How should you respond?

But before you respond, ask yourself: what did my neighbors say, when asked this question?

You estimate that they said the following:

The Head of Household A says “No, I hate the Jews. I hope you find lots of them and burn them all.”

HoH B says the same thing.

But HoH C actually is hiding some Jews in his attic. Nonetheless, he imitates HoH A. (And so he and his Jewish guests live to fight another day.)

HoH D, being very naive, believes that “lying is wrong” (whatever that means). So he says “I admit there may be some Jews here. But all people have an equal right to share in th–” but before he can finish his poetic thought he and his entire family (and the Jews living in his attic) are arrested and killed.

Finally, consider HoH E: He says, “This question is objectionable. I have the right to use my house any way that I damn well please. None of your business!” and he slams the door. Of course, the Gestapo raid it that night, find the Jews in the attic, and kill everyone.

You see, if you are going to really keep a secret, you have to commit to it completely. You need an entire second identity. You are resembling an “innocent” person.

"...to keep a secret ...I must give no
sign that differs from the reaction of
someone truly ignorant."
-HPMOR, Chapter 70

Imagine that Modern Hitler comes next for the gays. He asks German Men, via survey, whom they feel most attracted to. The survey options are: [1] women, [2] men, and [3] decline to answer.

Option three is, really, not a serious option. All of the straight German men will be proudly checking option one, en masse. And anything other than what they do will look suspicious. Admitting that you have something to hide is already a total defeat. The only thing that you could hide, in this context, is a “shameful” thing. So hiding is not an option.

D. Block Explorers

Imagine that Hitler knows, using data from other countries, that around 3% of the male population is homosexual.

He then decides to use public surveillance, instead of a survey. He discovers that 98% of German 18-24 yr old males use public roadways to hit up the clubs, on Friday/Saturday, to get laid with women. But 2% are “staying home to read” or are “working on their careers”. And he further discovers that, on Facebook/Twitter, 95% of good-looking bachelors freely talk to their friends/family about girls, but 5% instead become “irritated” and change the subject. Some percentage of the population is aberrant.

I don’t know, it just seems obvious to me – if you really need to keep the secret [from someone], then you have to go all the way. You have to do what they expect a truly unsecretive person would do – go to bars with your friends, get married and have kids and all of that. You’re either keeping the secret [again – from someone] or you aren’t.

E. The Pretext

One of mankind’s most powerful technological innovations is the pretext– a justification for doing something that is fake, but irrefutable. Pretexts act as a kind of “social shield” or “social encryption” that one can hide behind. Specifically, you can hide your motivations. Your secret motivations.

For example, imagine that Teenager 1 (“Alice”) wants to spend more time with Teenager 2 (“Bob”). So Alice decides to join a drama club that Bob is in. While doing so, Alice will misdirect the audience’s attention, to the non-Bob attributes of the club. In other words, she is sure to remark loudly that she loves acting (etc). And Alice may fool a few people with this ruse. But, much more importantly, Alice’s claim [of interest in drama, vs an interest in Bob] cannot be easily [dis]proven by anyone. And therefore most people will be disinterested in the claim’s truth or falsehood. Mission accomplished!

In fact, even those who are nearly certain that it is a lie (for example: Alice’s rivals, or long-time members of the drama club), cannot prove their knowledge to anyone else, without appearing to be suspicious or dark-minded themselves. And so even the suspicious people are forced to self-censor their suspicion. The fact that Alice is up to something, goes un-discussed. (At least, not openly.)

F. Dis-Entanglement

The pretext works because some people really do enjoy drama club, and really are interested in joining it for the first time. Since “interaction with Bob” is entangled with “participation in drama club”, we can’t know for sure which event Alice is after.

But, like Hanson’s Clothes, the pretext starts to break down as it becomes more expensive. Drama Club is one thing, but what if it met on Sunday mornings? Or two hours away from the school? (Or what if it were just objectively not fun at all, a terrible experience.)

A sufficiently Bob-motivated Alice would still join drama club, and invent the appropriate pretext. And it will still be impossible to prove her state of mind, or to talk about it without seeming nosy or obsessive.

But, alas, things for Alice are about to go horribly wrong! Say that the school has two drama clubs, identical in all ways except two: Bob is in Club 1 [but not Club 2], and Club 1 costs $5 to join [but Club 2 costs nothing]. Choosing Club 2 is effectively “buying Bob” for $5.

Since the clubs are identical in every other way except Bob, there are now no pretexts available for Alice to use. Even if Alice is super-super-wealthy, it makes no difference. There is only one reason for Alice to pay that five dollars: to be with Bob.

Above: “Market for lemons” title slide image, from this presentation.

Alice can try some new pretext, ie that Bob and Alice are “friends” and want to hang out together. But only if they are already friends. If Alice is trying to make a new friend it will not work[^n] – it will be obvious, and possibly desperate.

Aside: this may shed some light on the puzzling but incontrovertible claim that “making friends” requires there to be “unplanned interactions” among potential-friends.

2. Bitcoin Privacy Technologies (ie “Fungibility”)

Now…

…with all that you’ve just learned…

…I would like you to tell me, what the key difference is, across the following Bitcoin Technologies:

Column 1 Column 2 Column 3
Reusable (“stealth”) addresses, The lightning network, Non-interactive CoinJoin w/ Schnorr signature aggregation, TumbleBit, Dandelion, Taproot Sending your own BTC to yourself N times. Ring Signatures, zk-SNARKs, Confidential Transactions, Confidential Assets, Interactive CoinJoin

Column 1 contains technologies that are more private, and also cheaper or more convenient for the user. Reusable addresses are much more user-friendly than our current process [of awkward interaction, over an endlessly mutating list of gibberish]1. LN and Schnorr-CoinJoin are literally cheaper to use – they consume fewer on-chain bytes. And developers [we can assume] will eventually make TumbleBit, Dandelion, and TapRoot the standard or default behavior2 for clients/LN-hubs/MASTs, at which point doing anything else will be inconvenient (and suspicious).

Column 2 contains one item: “sending your own BTC to yourself”. This is certainly not “free”, because each txn costs one tx-fee. However, the costs are themselves 100% private3– no one knows, for sure, that you are going out of your way to pay-for-privacy. So the cost-differential is itself private, making it unobservable.

This is, incidentally, why it does not matter that TumbleBit and Dandelion are “more expensive” in that they require more CPU cycles (relative to “basic” LN-hubs or node-txn-rely). No one observes CPU cycles directly, and even if they could, observers couldn’t prove their observations to third parties. The CPU cycles, just like self-sending cycles, are done in private.

In fact, any fake txns that you broadcast will not only mix your coins, but they will also make the chain as a whole more incomprehensible. It is even (speaking very roughly) the privacy model advocated by Satoshi himself:

Column 3 contains privacy technologies that are more expensive to use. Thus, they will tend to be exclusively used by “the guilty”, as any innocent person has no reason to pay up4.

I am sorry to trod on other people’s hard work, but I don’t see any hope for the members of Column 3. While those techs certainly have academic value, and while they could certainly be stepping stones to greater technological improvement, they are unserious and should be discarded. Any talk of their use or implementation is perplexing at best. They are in the situation I outlined above, of Alice paying $5 to join the Bob-drama-club. These techs make no attempt to achieve the goal of privacy: to allow the Guilty to resemble The Innocent.

3. Applied to Bitcoin Itself

This critique –that expensive privacy unravels, Market-for-lemons style– can be easily applied to Bitcoin itself.

In fact, it’s so easy that a sitting US Congressman has already done so, on camera no less!

I give you the comments from Congressman Sherman on July 18, 2018, emphasis added:

“[Bitcoin] seems to be a solution looking for a problem. What can an honest citizen not do… I can be in the smallest hamlet in rural India, and use my VISA card. I’ve never had a problem paying somebody. …we have pretty efficient, mostly digital, transfers of dollars every day… So what’s the problem [that Bitcoin is] trying to solve? …unless I’m a tax evader or narco-terrorist. … I’m trying to illustrate that it [Bitcoin] is a solution, only to the problems of tax evaders, criminals, and terrorists. … the currency whose sole value is helping the before-mentioned ne’er do wells.”

As you can see, he lays out exactly the argument that I have been making. That Bitcoin will tend to be used “sole”ly by “ne’er do wells”, because it is marginally useful to them and marginally inconvenient5 for innocent people. And therefore that Bitcoin should be completely suppressed.

If we are interested in defending against this argument, then Bitcoin must do something else for ‘the Innocent’.

The obvious choice is for Bitcoin txns to be cheaper, because everyone prefers having more money to having less money. Unfortunately, this choice has become needlessly controversial with the rise of the Great Scaling Dispute.

Another choice would be to emphasize Bitcoin’s use in anything hitherto-impossible, such as “smart contracts”. Unfortunately, any “smart contract” could be turned into a more-straightforward dumb contract, using the formula “smart_contract = dumb_contract + ( brand_name OR judicial_system ). And so these transactions would not truly be “hitherto-impossible”, and so Sherman’s critique [that Bitcoin is useless for Innocent people] would still apply.

Footnotes

  1. Especially after they are merged with blockchain identity technology.
  2. In my upcoming Introduction to Game Theory, I will describe the surprisingly extreme power of the “status quo” or “defaults”.
  3. Assuming, of course, that you take appropriate internet privacy precautions when physically broadcasting the transactions. For example: broadcasting these transactions while connected to a VPN, or to TOR, or while behind several proxies, or at the public library, etc. (I say “physically” because electromagnetism is physics.)
  4. Other than idealism. In other words, these privacy techs may be used by a few almsgiver privacy-advocates. But this simply cannot scale. Oover time, regular users will defect to the cheapest and easiest-to-use technologies (as they should), and so the use of awkwardly-expensive technologies will look more and more suspicious.
  5. We can see that Innocents today place a high premium on convenience, as many use the Venmo app and maintain its default “everything public” privacy settings.