Blog > Bitcoin & Blockchain Tech

Schnorr

By Craig Wright | 03 Mar 2019 | Bitcoin & Blockchain Tech

Most of cryptocurrency efforts has been defined since Silk Road as one attempt after another to alter Bitcoin from a pseudonymous system to create an anonymous system that may be used for the dark web.

Image result for Schnorr

Unfortunately, the story about privacy has been manipulated. Private communications are utterly different to anonymous communications.

We need to consider accountability. Private communications allow people to engage in trade and to communicate knowing that their communications and exchanges are accessible only to the other party. Yet, such a form of communication is important, for all trade requires some level of reputation. There are many aspects of trade that are more private, yet here, the reality is that privacy is linked to an ability to seek redress against another party.

In Silk Road and other dark-web operations, it is by nature not a concern. In such an exchange, you cannot form a valid and enforceable contract. It is very simple, as illegal contracts cannot be enforced. In other words, a contract to engage in an illegal or criminal activity is void ab initio. Hence, you cannot legally enforce a contract to buy illicit drugs. Such has been the goal of all seeking an anarchist and anonymous coin. Unfortunately for such people, it is also what Bitcoin was designed not to facilitate. With an immutable evidence trail, Bitcoin creates a system that acts within the law.

To trade, to hold money validly, and to act within legal society as most people seek to do, we require money with traceability. In fact, to be money under law, the medium of exchange is necessarily traceable. Within existing laws, source-of-wealth legislation means that anonymous systems are heavily restricted and lead to an oppressive level of control. More importantly, ownership of money becomes fungible due to legal considerations. Money cannot be taken as with many goods due to a legal construct. In other words, when money has been exchanged without knowledge of fraud or malfeasance and for good consideration, it becomes the property of the receiving individual, and all ties to former ownership are severed.

The exchange requires that the individuals involved are capable of demonstrating a source of funds. If you have money that you have received and cannot demonstrate a source of, it is not always yours and can be taken in many instances. An example is the use of mixers. If you do not maintain the source and destination keys, you are not able to validate your ownership of such money and it can be disputed. More importantly, it is very simple to stop an anonymous system. One thing we all should have learned from the rise and massive collapse of cryptocurrencies in the 1990s is that anonymity is the enemy of any cryptographic monetary system. Just as the government was easily able to stop eCash, it can easily stop another anonymous system.

So, why Schnorr?

It brings us back to the endless progression of so-called fixes and improvements. We had SegWit, then Lightning, and now have a multitude of systems that are somehow going to make them work. It is a common method used by a lot of failing organisations in the Silicon Valley tradition: fail, until you succeed, or run out of money.

In doing so, we see an endless row of technical enhancements designed to deliver a promise to the market that this time we will succeed. Yet such is all it is, a mere promise.

But what exactly are they trying to deliver?

It seems to be the question that few people are asking. There are the common lies propagated about how they will enable scaling. The same lie was spread with SegWit, though the truth is, none of it has any relation to scaling at all. Unfortunately, very few people involved in the industry seem to have the technical capability to understand what is going on. And those that do are seeking something other than they promise.

In signature law, there is nothing particularly special other than an agreement to be bound. It requires an act or attestation by an individual — not a legal entity such as a company but a person. The misunderstanding in the legal framework around signatures and systems such as Bitcoin and derived alternatives lies in believing that a signature can be separate from an individual. A company cannot sign, and a machine or an agent cannot sign. The reality is that an individual agrees to be bound.

The way it was circumvented in the delivery of earlier EDI systems was to incorporate a binding master contract. In having such a contract, parties agree to be bound using the results obtained through the electronic exchange. There is no additional privacy in hiding through such a system, and it remains the individuals who are bound.

Which brings us to the endless push for changes to Bitcoin such as the eponymous Schnorr signature. It is consistently if a little dishonestly pushed as the solution to privacy woes. The truth is, it is not a privacy nor is it a scaling solution.

An individual can construct a system where they can be bound using such a signature, but so is not the reason for its introduction and continuous proposal. The real reason is that a group of technologists believe they can circumvent law and introduce a system that allows users to gain plausible deniability and hence some level of additional anonymity.

In a typical Schnorr scheme, if we have two signers in a cyclic group, we cannot be certain that there are not in fact multiple additional parties. For instance, if Alice is dealing with Bob, and Alice and Bob together form a joint signature and public key

P(joint) = P(Alice) + P(Bob),

then Schnorr allows for the additive processing of the individual signatures so that only one associated with P(joint) will be visible.

The requirement is that all parties sign. It is not a 2-of-3 scheme, it is an end-to-end scheme; consequently, all parties involved need to provide a signature. It is important as Alice has no way to determine if Bob is a single or multiparty signatory. As such, Alice could be entering into an exchange where P(Bob) is in fact itself a compass signature constructed of P(Mallory) and P(Biff) — so:

P(joint) = P(Alice) + P(Mallory) + P(Biff)

The proposed benefits of allowing a multiparty signature to hide the fact that you are backing up key parts are untrue. They are misleadingly promoting that Schnorr is going to provide an additional ability to backup keys privately. It is an utter falsehood.

The question is, what is gained — at least in the misguided belief of the developers seeking to introduce Schnorr? The belief is that, in not allowing Alice to definitively know who she is dealing with, the parties will be able to have a level of plausible deniability under the law. In theory, such developers believe that they can circumvent the legal process, and create a coin that will work on a dark web allowing drug sales in the manner that Silk Road promised. It, again, is utter bull. It’s the same fallacy that misguided attempts to lose records such as the Lightning Network keep proposing. Such developers and associated fools fail to understand that legislation such as the FinCEN (BSA) Bank Secrecy Act requires that records are maintained and that the mere act of deleting them is enough to make their system illegal. More importantly, it does not deliver plausible deniability. The exchanges between parties can be captured allowing evidential proof and the association of individuals with multiple transactions. And the fact that you are part of a signature whilst not allowing legality for non-persons to sign and be bound conversely delivers evidence when used in criminal trials.

What exactly is more private?

When implemented correctly, and where keys are not reused, Bitcoin can be as private as an individual would desire.

Keys can be exchanged using thresholds and ECDSA. It is possible on any system now. It can be a dealer-based system where an individual such as Alice can decide to split her key into multiple parts and issue parts of her key to other parties to enable recovery in the event of loss.

Further, keys can be split using dealer-less algorithms. Such algorithms can be constructed in a way that hides the membership or voting rights associated with a key. As an example, a corporate voting key could be divided between eight board members with a requirement for six of the members to actively engage in the reconstruction of a valid signature. So, the irony in the endless facade of seeking anonymity over privacy is that privacy offers more.

The Bank Secrecy Act (BSA)

The endless push to argue that the block size needs to be capped and to force people onto Lightning and other half-baked solutions is purely a response to FinCEN and legislation such as the Bank Secrecy Act. It is a misleading argument saying that ‘crypto’ is new and hence law does not apply. The entire argument is utterly ignorant. It seeks one purpose, the creation of a system that allows for the deletion of logs and records.

Silk Road was one of the worst things to happen to Bitcoin, and yet also proved the efficacy of the system. It proved that Bitcoin would never be a good system for dark-web money. It was intentional and designed into Bitcoin from the beginning. As money, it must be traceable.

As a promissory-note system, in the form of the Lightning Network and all other associated misguided attempts to move the settlement off-chain and hence allow exchange without records, there are many aspects of the BSA that need to be considered by nodes.

The Bank Secrecy Act (BSA) was introduced in an effort to combat money laundering and terrorist financing. The act comes under the control of the Office of the Comptroller of the Currency (OCC) in the USA, and mirrors requirements that need to be enforced globally.

BSA 31 USC 5311 et seq introduces a complete set of requirements detailing record-keeping and reporting practices. In Bitcoin itself, all records are maintained on-chain, and are publicly visible. Any exchange, bank, or other organisation is able to monitor the records and also require documented proof of the source of funds. Such laws don’t go away or change because of technology, nor shall they.

Interestingly, although Bitcoin itself or any of its derivative systems is not a store of value outside of the contract denominated in Bitcoin, the use of a promissory-note system within Lightning creates a store of value. It is a store of value under Pub. L. 111–24, title V, §503, and is not associated with the commonly misused term in economic analysis.

Lightning, by removing the clearing and settlement functions of Bitcoin and turning it into a node-based payment channel, now introduces reporting requirements, ones that are intentionally being circumvented by those creating Lightning. Fortunately, you don’t change the law by making something designed to allow crime.

Some people will think that such things apply only to banks and exchanges. A thorough understanding of the BSA will lead you to understand that such is not the case. In fact, any Lightning hub will start coming under the requirements of the BSA. There is no point in seeking to alter Bitcoin to create an anonymous coin. Far better anonymous coins have existed. All of them have been shut down. The one thing that allowed Bitcoin to survive is that it is within the law. There is no future for any cryptocurrency acting outside the law. They are very easy to stop.

Systems such as Monero are incredibly easy to stop, and come under existing legislation.

Miners

As with the worst addition to corrupting Bitcoin, P2SH, Schnorr signatures remove some of the validation from miners. In seeking to consistently alter the protocol, the BTC Core (SegWitCoin) developers are seeking to create a system that cannot be validated fully. At the end of the day, it shows their hatred for Bitcoin.

As the Bitcoin halvening approaches in the next year, we are not going to see a manipulated spike with the regulatory bodies now closely watching Bitcoin exchanges (a.k.a. backstreet gambling houses or bucket shops). Rather, the use of on-chain transactions that are competitive with other systems on the market will need to fund the difference in incentives, or the miners will leave the chain. We can expect the combination of legislation being enforced (it exists right now) and the halving to drastically impact the price of BTC. The elephant in the room that nobody talks about is really the economic cost of the transactions. To be competitive in a way that allows people to move from existing systems to Bitcoin requires a marginal fringe cost of around 0.005 USD a transaction — no more. Even that is too much. To compete with the existing commercial system, Bitcoin will need to scale to thousands of transactions a second and an average cost of around a tenth of a cent per transaction or far less.

Removing profit from miners is just the perfect way to kill the chain.

Fortunately, Bitcoin is incredibly robust. It was designed to allow the legal integration of electronic cash and much much more. As many fraudulent attempts occur, people will start to wake up to the fact that nothing is really being achieved. No growth is happening in BTC, and the endless integration of useless technology such as Schnorr that is designed with one reason, to circumvent the law and create an anonymous crime coin, remains a dead end.

Then again, watching the Rube Goldberg machine in action has been fun. If such individuals had actually taken the time to see what was happening, they would have started focusing on attacking what we were doing. Meanwhile, we are approaching number 700 in patents filed, and I expect to have number 1200 filed over the year — at least.

Thank you for discounting me, and thank you for ignoring us for so long.