BSIP: 0008 Title: Privacy (STEALTH) Mode Authors: Daniel Larimer Fabian Schuh Status: Draft Type: Protocol Created: 2015-12-16 Discussion: Worker: 1.14.18 # Abstract Privacy Mode Transfers (a.k.a. Stealth Transfers) are used to maintain user privacy. This feature helps set BitShares apart from most other crypto currencies and offers tremendous value to the users who are most interested in privacy, liberty, and freedom. In practise they combine the techniques of *blinding signatures* to hide the amount of a transfer and *stealth addresses* (similar to TITAN in BitShares 1) to hide involved parties. # Specifications This proposal involves creating a new front-end feature on the account page in the web wallet to allow users to enter the *privacy mode*. Here, users will be able to create *private accounts* which are labeled private keys. They will also be able to manage *private contacts* which are labeled public keys. Neither private accounts nor private contacts are tracked on the blockchain since those keys are not used directly. Instead, each transaction will derive a transaction-specific address from the private contact's public key. A off-chain memo helps the receiver identify the deposit and derive the corresponding transaction-specific private key from the private account. Users will be able to monitor their private balances and take the following actions: * Transfer from public account to their own private balance * Transfer from one of their private accounts to one of their private contacts * Transfer from one of their private accounts to any public account * Register a new account using a private balance. * Receive a private transfer from a 3rd party given a transfer receipt. These features are already available on the blockchain level using *address authorities* and *key authorities* and indicating that a transaction to that account has to be made in private. ## GUI Mockup The goal of this proposal is to have a front end developed (or integrated into an existing web wallet) that allows ordinary people to use the privacy mode without further knowledge about the underlying technology. Thus, a proposal for the user interface has been drafted and is attached to this proposal as [pdf](bsip-0008/gui-mockup.pdf). [slide 1](bsip-0008/gui-mockup-0.png) [slide 2](bsip-0008/gui-mockup-1.png) [slide 3](bsip-0008/gui-mockup-2.png) [slide 4](bsip-0008/gui-mockup-3.png) [slide 5](bsip-0008/gui-mockup-4.png) [slide 6](bsip-0008/gui-mockup-5.png) [slide 7](bsip-0008/gui-mockup-6.png) [slide 8](bsip-0008/gui-mockup-7.png) [slide 9](bsip-0008/gui-mockup-8.png) This draft has been designed with user experience in mind but may be improved if it serves its purpose. # Implementation Aspects ## Backup Considerations Because private transfers are not recoverable from blockchain data alone, backups of your wallet after receiving a new private transfer are *required*. ## Javascript Implementation This proposal will require the use of a JavaScript library to perform the necessary crypto operations in the web wallet (see [1]). # Funding BitSharestalk.org forum user `onceuponatime` has proposed to fund the development and implementation of this feature in full as a private investor and at zero cost to BitShares shareholders. ## Contract between `onceuponatime` and Cryptonomex: The purpose of this contract is to develop a Privacy Mode feature, Privacy Mode fee accumulation account, Maintenance Account, Initialization Package, and GUI interface for BitShares scoped for a firm fixed price of $45K. The following requirements apply: 1. The Privacy Mode feature shall be implemented as proposed in https://github.com/cryptonomex/graphene/issues/452 (as amended). 2. It shall provide the following fee based services: * Transfer from public account to their own private balance * Transfer from one of their private accounts to one of their private contacts * Transfer from one of their private accounts to any public account * Register a new account using a private balance. * Receive a private transfer from a 3rd party given a transfer receipt. 3. Each of these services shall charge a fee initially set at 3x the standard transfer fee, but which may be adjusted from time to time by the owner(s) of the Privacy Mode's management account (see [BSIP-0008](bsip-0008.md)) 4. Fees shall be automatically distributed by the blockchain to the following accounts: * 20% to the BitShares network. * 20% to a Maintenance Account. * 60% to holder(s) of the Privacy Mode Fees accumulation account 5. The Maintenance Account shall be controlled by five specified manager accounts in a 3 of 5 multisig configuration. These managers will control the allocation of this fund to future maintenance and upgrade tasks. 6. The Initialization Package shall modify the blockchain to make the Privacy Mode feature available to users. 7. The Initialization Package shall make provision for the creation of generic Fee Based Assets (FBA) and set the fee for such 8. A GUI shall be provided in the Web and Light wallets to allow ordinary users to easily use the Privacy Mode features. 9. Documentation of the Privacy Mode feature and Maintenance and Fee Accumulation account shall be provided on the appropriate reference web sites. 10. Resulting software patch to the Graphene library shall have the same license as the rest of Graphene subject to the condition that the results of the Initialization package and fee distribution mechanisms are not modified. # Management Account The STEALTH asset will be issued by the "management account" (see [BSIP-0007](bsip-0007.md)) for this feature (as created by the initialization package). `Onceuponatime` will be the initial owner of the issued asset (not the issuer). This management account will have 3-of-5 multi-signature authority assigned to the 5 *largest* STEALTH holders weighted proportional to stake and will have the power to set the fee. # Roadmap * Feedback and discussion of this thread: *December 8 to December 10, 2015* * Presentation of an amended Cryptonomex Worker Proposal: *Dec 11, 2015* This worker proposal should include Milestones of what is intended to be accomplished by the end of week 1, week 2, week 3, week 4 and week 5 so that the Community can follow progress in the github. * Voting for Worker Proposal: *Dec 11 to January 1, 2016* * onceuponatime forwards $45,000 to Cryptonomex: *Jan.2, 2016* * Cryptonomex does the development and testing of the feature: *(4 to 6 weeks)* * Hard fork for implementation of the feature: *Monday Feb, 15th* # Worker Proposal The worker proposal `1.14.18` is dedicated to poll shareholders about their willingness to implement the Privacy Mode feature in a hard fork. It serves the private investor as an indicator whether shareholders would appreciate his investment and agree to upgrade the protocol accordingly. Since the implementation is funded by a private investor, the worker only pays approx. $300. # Discussion For the best user experience this proposal is best combined with proposal for *hosted wallets* (to be defined). ## No Participation in Referral Program The referral program does not play with Privacy mode transfers (because it is private, we don't know who the parties are or who referred them). This means that even if the fee were the same as the basic transfer, on average the lifetime member would be paying 5x more a Private Transfer than a Public Transfer. If you charge 3x the basic transfer fee, then life time members will pay 15x more for a Private transfer than a Public transfer. Percentage based fees are not possible with Private Transfers either because the amount being transferred is *private*! ## Worker as Poll When the project is complete, the new software will be presented to the witnesses as an opportunity to hard fork by switching to running the new package/software. At that time witnesses will face a choice: 1. Honor the proposal at the time the decision to spend the private investor's money was made, or 2. Honor the proposal at the time the product is delivered (if it has changed in the mean time). Acting against the wishes of Vote 2 could get them fired if enough people disagree with them keeping the implied commitment of Vote 1. Acting against the wishes of Vote 1 means that BitShares gets a reputation for reneging on a prior vote upon which an entrepreneur has relied. This means that even if some voters have changed their minds about this proposal by installation time, they might *not* decide to fire otherwise faithful witnesses for deciding to obey Vote 1 in order to preserve BitShares' reputation in future deals. Considering the participation rate in the worker poll: those who do not care enough to vote are ignored in the decision making process as it is supposed to be. ## Privacy Mode not Most Pressingly Needed The argument was raised that the Privacy Mode as proposed here is not the feature most pressingly needed for BitShares right now. ## Confidential Transfers already available in the CLI-Wallet The privacy mode is already documented and available for use in the console-line wallet client at almost the same fee as non-private transfers (December 2015). However, since these transfers cannot participate in the Referral Program (see above), all fees are paid to the BitShares network. This proposal, shall it be implemented, splits the fee for private transactions 20%/80% (similar to regular transfers with the referral program) and hands out 20% of the fee to the BitShares network. The other 80% are given to the maintenance account and holders of the FBA. As a result, for BitShares shareholders to keep their 20% transaction fee, the other 80% need to be paid by the customer. However, the fee for this type of transaction is only increased to 3x and not the required 5x. The assumptions are that the increase in volume for this particular transaction type and the additional customers compensate for this loss. # Summary for Shareholders The idea of this proposal is to increase the use of BitShares by adding an option for improved privacy to the BitShares customers. This features comes at almost no cost to the shareholders (see below) since it is funded by a private investor. Customers using this feature will initially need to pay 3x the basic transfer fee to the improved privacy. The revenue from this is split as follows: 20% go to the BitShares shareholders as burned BTS, 20% go to a maintenance account that will fund future development and updates for this feature and is controlled by several individuals. The other 80% go to holders of a special asset that will be created during a protocol upgrade and issued to the private investor to compensate for his investment. A hidden cost for BitShares shareholders is that in order to keep 20% of the transaction fees, the fee has to be 5x the basic transfer fee but is only increased by 3x. Even though this fee is a variable defined by the committee and thus can be changed, the authors of this BSIP see a good compromise between attracting new users and generating a higher revenue stream by relatively low fees. # Copyright This document is placed in the public domain. # See Also * [1] https://github.com/arhag/crypto-experiments/tree/emscripten/emscripten/libsecp256k1-demo