Teleport isn’t just the new anonymity technology that powers BitcoinDark. It’s jl777’s complete privacy ecosystem that also forms the backbone of SuperNET (asset ID 12071612744977229797 on Nxt Asset Exchange). So how does it all work?
So-called anonymous coins come in many different forms, but they tend to rely on a limited range of different approaches towards achieving anonymity. One of the most common approaches is mixing, which essentially means combining a lot of different transactions so that it’s hard to know which output originates from which address. For example, Darkcoin uses an implementation of CoinJoin, a mixing protocol.
Another approach is to use ring signatures, like Boolberry or Monero. Whereas most transactions are signed by one key, with a ring signature a number of different keys can sign the same transaction, so it becomes far harder to know who sent the transaction in question. Ring signatures arguably offer a greater degree of privacy but they come at the cost of considerable blockchain bloat – though Boolberry’s developer has found a neat way to sidestep this issue.
Mixing offers what might be called ‘personal level’ privacy – good enough for many day-to-day circumstances. Ring signatures are a step up from that and can be very effective (hence BBR’s inclusion in the core of SuperNET). But even there, some correlations might be made by a determined attacker.
Teleport: a new approach
Teleport uses a completely different approach to anonymity. Like many of the best ideas, Teleport is elegant in its simplicity – it’s just that there are complex concepts to negotiate along the way. Instead of looking for a way to obscure the source of a transaction, Teleport considers the methods by which an attacker might find out who is sending a transaction and aims to avoid them altogether. To explain further:
Transaction linkage. With Bitcoin, every address can be linked to the one used before it, right back to the block from which it was mined. If you know the identity of the owner of one address or take an interest in the activity which a certain address displays, you can follow the transactions to and from it – and very likely eventually link that person with another known address. Teleport avoids this by using one-time addresses called telepods. If no address is used more than once, it’s impossible to link it to any other part of the network. In the original Bitcoin white paper, Satoshi Nakamoto recommends using new addresses for every transaction. Suffice to say that few people do so because it’s too much trouble. Teleport builds this into the system.
Timing attack. Perhaps you know that a given transaction was supposed to happen at a certain time. Because everything is on the blockchain, any transaction within the relevant time frame falls under suspicion. This can be used in conjunction with other methods to narrow down the list of transactions to analyse. Teleport introduces random delays and allows recipients to decide when to move the money they have been sent in a telepod, so a change might only show up on the blockchain much later.
Mantissa attack. If you send a distinctive amount of money – whether that’s a very large sum, or one with a characteristic mantissa (the numbers after the decimal point), then it’s extremely easy to spot on the blockchain and follow. A mantissa attack – a term coined in the Teleport DarkPaper – is particularly effective if you know someone is transferring a dollar equivalent of money, perhaps because they have posted the information in a forum or it has otherwise been intercepted. Knowing the exchange rate and the rough timing of the transfer allows a high degree of correlation with blockchain transactions that fit the right criteria. Teleport uses standard denomination telepods – units of 100, 50, 10, 5, 1 and so on – so that unusual amounts won’t raise any flags.
Whilst taking care of the above vulnerabilities should be sufficient for everyday privacy requirements, you do of course also need to guard against voluntarily disclosing personal information; a huge amount of data relevant to cryptocurrency addresses and transactions can be and is harvested from forums and other sources in a method known as fingerprinting. As an aside, if you have your crypto address in your signature, you might want to think again – at least, if you take anonymity seriously.
However, even having adopted good personal practice as regards securing your privacy online you could still be vulnerable to a well-resourced attacker correlating activity from your IP address to movements on the blockchain.
IP address detection. For those wanting a really robust solution suitable for hi-tech business (think industrial espionage) or resistant to intrusive government surveillance (China, US, UK…) it’s necessary to hide the fact that you are the one conducting a transaction at all. This is where the privacyServer comes into play. It’s the piece de resistance of Teleport, and it’s what makes it a platform capable of supporting so much more than just a simple cryptocurrency transaction.
Instead of submitting a transaction directly to the network, the privacyServer encrypts it multiple times and passes it through several other nodes (other privacyServers) first – a technique known as onion routing, used by other applications including the infamous TOR project. Not only that, but every transaction is also split into several pieces and sent to a number of different nodes, only some of which send it on to its final destination (and this is the simplified version!).
The result is that even if an attacker knows that you are part of the network, and even if they compromise one or even many nodes, it becomes incredibly difficult to link the user with the transaction that ultimately follows, given that it’s bouncing around many intermediaries and being pulled to pieces and reconstituted at the end. As a broad analogy, imagine printing a paper wallet for your bitcoins, photocopying it several times, shredding the copies, then sending multiple nested packets of the paper fragments to lots of different people, some of whom forward the contents on to others, some of whom forward those contents to the final recipient, who piece the shreds back together… ‘Impossible’ isn’t a word that should be used in these circumstances, because a determined attacker with unlimited resources can always find ways to cause you trouble, but it’s about the closest thing to complete anonymity available in the foreseeable future.
Pros and cons
The result is an extremely robust system that uses both common sense and cutting-edge technology to prevent an outsider from learning what’s going on inside the BTCD ecosystem. Moreover, by using services such as InstantDEX and TradeBots (instant and automated trading applications), the advantages can be extended to any other supported cryptocurrency: BTCD will turn anything dark.
There aren’t many downsides to Teleport. One is simply that setting up a fully effective privacyServer requires a certain degree of technical competence and possibly a small financial cost for a VPS, though you’ll still enjoy pretty good privacy without that. Another is that transactions are best made when both parties are online; because the recipient is (in a very simplified explanation) being sent a private key and using it to sweep the balance of one address into a new account, a long delay could give rise to double-spending on the part of the sender. This would never result in lost funds though, because the transaction would not be acknowledged as complete by the recipient. It would, at most, be an inconvenience. In other circumstances it could even be considered an advantage because the delay brings added protection against a timing attack, should the attacker even be able to correlate activity from the sender’s IP address with any blockchain activity in the first place.
Brave new world?
With continued revelations bringing to light the unprecedented levels of surveillance from the NSA and other government agencies, as well as the rise of big data and the aggressive, large-scale harvesting of personal information by corporations, it’s fair to say that both sides on this issue will be upping their game. The arms race for privacy is only just getting started. For now, it’s nice to be one step ahead of the competition.