Tornado Cash Illustrates Crypto’s Decentralization Problem

Crypto has a decentralization problem. And it’s not that it’s too decentralized. Nor is it that decentralization is de facto non-existent because mining power is concentrated at a few players. It’s that crypto fundamentally is not decentralized, which creates some interesting, potentially unsolvable problems.

Crypto is the “money” of choice for crime. Proponents will tell far and wide about how it is decentralized, anonymous, and cannot be stopped by governments. This week TornadoCash, a mixer (a tool for money laundering), was sanctioned by the US, making any ethereum touching the mixer tainted and extremely illegal to touch. A mixer is a tool that allows mixing your very illegally obtained cryptocurrencies with other people’s cryptocurrencies, which for the sake of argument we shall pretend were not obtained via crime (they were). The wildly incorrect theory is that if you mix a little illegally obtained crypto with a lot of legally obtained crypto, it all becomes legal. Even ignoring the reality that it is mixing a little legally obtained crypto with a lot of illegally obtained crypto, this is of course hilariously incorrect. As one person said: it works like homeopathy is supposed to: trace amounts of illegal crypto make it all illegal.

The crypto bros are all up in arms, not only with the discovery that the government can in fact technically sanction their uncensorable “money,” but also that it can theoretically sanction software like TornadoCash, which is totally just free speech. Even granting that writing the software is free speech, using it for illegal purposes is not. Just like you cannot go 200 in the city despite cars being legal.

Today I saw a better argument: that using TornadoCash is necessary to have anonymity on a public blockchain. I don’t think it is an argument against sanctioning Tornado, which was provably used to launder huge amounts of crypto for Best North Korea and Russia, but I think the argument has legs to stand on in isolation. Not all may agree, and that is fine, but I think it is dangerous to go against a disingenuously made argument just because it is made in bad faith or by somebody you disagree with. People will and have made shitty arguments for saying slurs based on freedom of speech, but that does not mean freedom of speech is bad. Where the limit goes exactly is up for discussion, but rejecting a standpoint because of who made it is dumb in my opinion. The tendency to do so is, btw, known as the halo effect in psychology. My personal opinion, for whatever little it is worth, is that people should be able to say anything, also slurs, without legal repercussions, but that people should generally not say things that hurt others – it’s better that people avoid hurting people out of a desire to not be an ass than out of fear of law enforcement. Yes, that’s a naive standpoint, I don’t care.

But why does crypto have a privacy problem after all? Don’t bitcoiners always talk about how it is anonymous? Turns out, it is not. Bitcoin (and other bitcoins like ethereum) are not anonymous, they are pseudonymous. You cannot see people’s names, but you can see a unique id for them (you can think of it as the bitcoin address crypto hopefuls like to spam, though the truth is a little more complicated). Such data can be deanonymized relatively easily. If you know one person’s address and who they transact with, you can make good guesses at who other people are based on transactions plainly visible on the blockchain. The ability to do so only increases over time as more becomes known and analysis methods get better. Some years ago, I downloaded the bitcoin blockchain to do exactly that, and since then big companies like Chainalysis have been built around tracking crypto on various blockchains, especially for freezing illegally obtained bitcoins. The tax evasion you committed on the blockchain 5 years ago and thought you got away with? It might be caught tomorrow, next year, or in 10 years. Have fun being rich.
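The two points above (a public ledger lets anyone trace funds forward, and a mixer does not dilute sanctioned funds away) can be shown on a small constructed ledger. This is an added example, not code from the post or from any analytics vendor; the addresses, amounts and the `mixer_pool` address standing in for a mixer are all made up, and the ledger is assumed to be in spend order.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data). Each transaction spends
# from some addresses and pays out to others; amounts are in whole coins.
LEDGER = [
    {"tx": "t1", "inputs": {"hack_wallet": 1.0}, "outputs": {"mixer_pool": 1.0}},
    {"tx": "t2", "inputs": {"alice": 99.0}, "outputs": {"mixer_pool": 99.0}},
    {"tx": "t3", "inputs": {"mixer_pool": 100.0}, "outputs": {"out_a": 50.0, "out_b": 50.0}},
    {"tx": "t4", "inputs": {"out_a": 50.0}, "outputs": {"exchange_deposit": 50.0}},
    {"tx": "t5", "inputs": {"bob": 10.0}, "outputs": {"carol": 10.0}},
]


def trace_taint(ledger, sanctioned):
    """Walk the ledger in spend order and compute, per address, the fraction of
    received value that traces back to a sanctioned source (the "homeopathic"
    proportional view). Sanctioned addresses are 100% tainted by definition."""
    received = defaultdict(float)
    tainted = defaultdict(float)

    def fraction(addr):
        if addr in sanctioned:
            return 1.0
        return tainted[addr] / received[addr] if received[addr] else 0.0

    for tx in ledger:
        total_in = sum(tx["inputs"].values())
        # A transaction's outputs inherit the value-weighted taint of its inputs.
        tx_frac = sum(amt * fraction(a) for a, amt in tx["inputs"].items()) / total_in
        for addr, amt in tx["outputs"].items():
            received[addr] += amt
            tainted[addr] += amt * tx_frac
    return {a: fraction(a) for a in set(received) | set(sanctioned)}


def screen(ledger, sanctioned):
    """The rule the post describes: any non-zero exposure flags the address,
    however small the fraction. Mixing 1 coin with 99 clean ones flags all 100."""
    return {a for a, f in trace_taint(ledger, sanctioned).items() if f > 0}


if __name__ == "__main__":
    for addr, frac in sorted(trace_taint(LEDGER, {"hack_wallet"}).items()):
        print(f"{addr:17s} exposure {frac:.2%}")
    print("flagged:", sorted(screen(LEDGER, {"hack_wallet"})))
```

The proportional view shows `exchange_deposit` at 1% exposure; the screening rule flags it anyway, while `carol`, whose funds never touched the pool, stays clean.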

I think anonymity is somewhat warranted. Most people don’t want to broadcast all their transactions to everybody on the web (nobody needs to know about the diesel-powered horse dildo you bought or that every Friday you like to buy ice cream despite allegedly being on a diet). There’s a balance to strike: I think anonymity stops when it comes to tax evasion, and there’s no need for a system to support illegal transactions. But here’s the problem: with a public blockchain, it is not possible to support both without giving the government the ability to follow all transactions (and I don’t think governments can be trusted with that ability, and there are other good arguments against giving governments master access to such data).

I recall the same discussion from reading the manual for PGP back in the 90s. PGP was one of the original pieces of software for strong encryption of data available to “everybody.” It was so good that it was illegal to export the software from the US. I don’t recall whether I broke the export regulation by downloading from the US or I downloaded from some European server (likely the latter, for legal and also speed reasons). The manual comprised 3 parts: a description of what public key encryption is and how it can be used to sign and encrypt information, a technical usage guide to the application, and a political manifesto, likening the use of cryptography to the use of envelopes to send mail instead of open postcards that let everybody read the contents. The argument at the time was that only criminals needed encryption, but that everybody deserved the privacy it would allow, so by normalizing its use – the way it was normal to put letters in envelopes – people using encryption would not be made suspicious for that alone. It is again possible to argue about where the limit should go exactly, but today end-to-end encryption is relatively standard in messaging apps, completely standard towards banking websites, and I think there’s an argument for having your aforementioned dildo wrapped in a plain Amazon box when you have to pick it up at the post office.

The problem at the core is that despite what crypto bros like to tell you, time and time again (why won’t they shut up?), blockchains are not decentralized. Everybody has a full copy of the entire blockchain; it’s the only way it can work. This means everybody can read all transactions, so the only way to ensure anonymity is by making it impossible to follow transactions. Mixers offer that service by blending crime crypto with theoretical non-crime crypto, effectively severing the link between sender and recipient. Some bitcoins (like Monero, the choice of child pornographers and drug dealers) come with mixers built in; others like bitcoin and ethereum rely on separate services. Exchanges also work like mixers: send money to an exchange to mix it with all the crypto on the exchange, then withdraw to real money or crypto with some level of deniability, though the exchanges in principle have a paper trail linking sender and recipient. This is not a problem better cryptography can fix: any cryptographic technique able to hide transactions while keeping mining possible would have the same effect. Either everybody can read (no privacy) or nobody can read (tax evasion and other crime).

The need to have the entire blockchain everywhere is called replication. There is no dichotomy between “everything in a central place” and blockchain. There is a wide array of methods that can provide various levels of decentralization, and replication is just one. They were all invented decades before bitcoin, and several provide better decentralization than replication. Replication is useful if you have many readers and few writers. For example, it is useful to replicate databases so different web servers can read data quickly. As soon as they have to write, they all have to synchronize, which makes it slow, though. This is why bitcoin will never be able to scale: write throughput cannot grow beyond some threshold. This has nothing to do with block size; it is a fundamental issue of how bitcoin is designed, even if bitcoiners one day solve the block size problem (they will not).

There are other ways to do decentralization. One is called distribution, where you have multiple parties that all trust each other. This is roughly how banks work now: all my transactions are handled by my bank and your transactions are handled by your bank. Unless we have the same bank, our transactions never need to interfere with each other, which is good for anonymity (your bank cannot see how I spend my money) and for scaling (the system can handle more transactions simply by adding more banks). I can still transfer money to you because my bank trusts your bank and vice versa, and while my bank can see some information about where I spend my money, they do not have a full picture. A government can still, court order in hand, see my transactions if there is suspicion that I am doing crimes (e.g., if I’m using bitcoin and especially if I’m using TornadoCash) but is otherwise blind to my ice cream spending. The current system is in many ways much better than blockchains: it provides better anonymity, it provides better decentralization, and it provides better scalability.

The current system does rely on banks as intermediaries, and while my distrust of banks is lower than a lot of other people’s, I still think there is value to having a system that’s less centralized. I have for a while worked with health data. In the past, we ran a central service validating all messages sent between all providers of healthcare services in the Netherlands. It was a useful service and something you could do 10 years ago. We started phasing that service out but wanted to keep the core validation functionality. The reason for phasing it out should be obvious: if our service is down, the entire country’s health services are unable to communicate, and having all messages go through one place gives a single point of attack for data leaks and other malfeasance, so such a service must be hosted extremely securely. We started developing a decentralized service instead. It no longer was a central service we were running; instead it was an application individual software providers or healthcare providers could install and run on their own already secure networks where the data already was. The application would fetch the standards from our central service, cache them locally, and validate the messages at the individual provider. This solved all of the problems by removing the central point of failure/attack. All of this was accomplished without a single blockchain and with much more decentralization.

Similarly, it is possible to transfer money in a more decentralized manner without relying on a blockchain. One important consensus method is the quorum model: with that, you do not have to trust a central authority; you instead have a number of authorities and just need approval from (or to trust) some of them. The exact setup varies a bit, but you can conceptually think that if you have approval from 51% of the authorities for a transaction, it has been executed: it is not possible to independently get simultaneous approval from 51% of the authorities for spending the same money twice, because there’s an overlap of at least 2% of them, and they can see that you are trying to spend money twice and reject one of the transactions. There are ways to make it more efficient (you can fairly easily reduce the number of approvals from around half to just under two times the square root of the number of authorities, and more advanced schemes exist for improving reading vs writing). It might be possible to develop a banking system based on this.
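The two quorum shapes mentioned above can be checked directly: the majority quorum (any set of more than half the authorities) and the grid quorum that gets the count down to just under twice the square root. This is an added example, not from the post; the `Authority` class is a constructed stand-in that only records the first spend it sees of each coin and refuses any conflicting spend.

```python
import math
from itertools import combinations


def majority_quorums(n):
    """Every set of more than half the authorities (the '51%' rule)."""
    return [frozenset(c) for c in combinations(range(n), n // 2 + 1)]


def grid_quorums(n):
    """Arrange n = s*s authorities in a grid; a quorum is one full row plus one
    full column, i.e. 2*s - 1 members. Any two quorums share at least one
    member: row i meets column j' and row i' meets column j."""
    s = math.isqrt(n)
    if s * s != n:
        raise ValueError("grid quorum needs a square number of authorities")
    quorums = []
    for r in range(s):
        for c in range(s):
            row = {r * s + j for j in range(s)}
            col = {i * s + c for i in range(s)}
            quorums.append(frozenset(row | col))
    return quorums


def all_intersect(quorums):
    """The property that makes double spending impossible: no two quorums are disjoint."""
    return all(a & b for a, b in combinations(quorums, 2))


class Authority:
    def __init__(self):
        self.spent = {}  # coin id -> id of the transaction that first spent it

    def approve(self, coin, tx):
        """Approve the first spend of a coin; refuse any later, conflicting spend."""
        return self.spent.setdefault(coin, tx) == tx


def submit(authorities, quorum, coin, tx):
    """A transaction executes only if every member of the chosen quorum approves."""
    return all(authorities[i].approve(coin, tx) for i in quorum)


if __name__ == "__main__":
    auths = [Authority() for _ in range(9)]
    q = grid_quorums(9)  # 12 quorums of 5 members out of 9 authorities
    print("txA:", submit(auths, q[0], "coin1", "txA"))  # True
    print("txB:", submit(auths, q[8], "coin1", "txB"))  # False: overlap sees the double spend
```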

In fact, the proof-of-stake paradigm is just the quorum model implemented by people who are suffering from terminal not-invented-here syndrome. Much like Satoshi, the inventor of bitcoin, thought he had solved consensus by proof-of-work (which turned out to be incorrect), proof-of-stake proponents think they have solved quorum models by giving people authority based on how rich they are. Yes, that’s true: the system that was intended to democratize money is literally a democracy where your votes directly correspond to how rich you are. There is no way that can go wrong.

Crypto bros will counter this with side chains and shit that does not actually exist. Until they can prove a practical and actually implemented system has the promised qualities, there is no need to take them seriously. They are comparing a theoretically ideal version of their idea of a future system with their poor understanding of the current system.

So, crypto has a decentralization problem: it is not really decentralized at all. This has led to anonymity problems, where you have the choice between blasting your dildo purchases to the internet or directly supporting child pornography and terrorism. Crucially, this is not an argument against the need for anonymity in transactions, even though the anonymity argument is made by bitcoiners in bad faith to protect their crime dollars; it is an argument against blockchain-based currencies. Amusingly, the “legacy” banking system is much better for decentralization and anonymity than blockchain can ever be, even if all the claims made by people with an economic interest in the system being perceived as working are true (they are not true).
