Dusting “Attack” via Tornado Cash to Public Wallets (etherscan.io)
183 points by martialg | karma 730 | avg karma 8.2 | 2022-08-09 10:54:20 | 238 comments




This outcome was as obvious as it was inevitable.

There is no mechanism in crypto to reject incoming funds, and all the top addresses are public.

Anyone could easily send the top 100,000 wallets “tainted” crypto.


The fact that none of the popular crypto projects have this mechanism just goes to show that nobody was thinking all that deep about the human level of it.

Several crypto projects were in their own right political statements about taking back control and decentralizing institutions. I'm sure there are government-approved enterprise crypto projects out there that are happy for you to use their services, but a lot of developers, especially those that work on things for free, are more interested in the mindset of "who cares if someone sends me free money". You don't see the GNU or similar licenses putting in restrictions for sanctions for a reason.

I don't think we're talking about the same thing...

> Several crypto projects were in their own right political statements about taking back control and decentralizing institutions

If these projects are about taking back control, why shouldn't I as a user have the agency to only accept transactions I approve?

What if someone dusts you NFTs with abusive imagery on IPFS linked to them? Or spam/scam tokens with funny smart contracts that trick you into doing something you don't want to do when you visit their project page?

It ought to have been an obvious feature from the beginning. Spam and public addresses have gone together since forever.


The very existence of a clear transaction history on the blockchain is the root of all problems. If everything is natively encrypted by zero-knowledge proofs or ring signatures, none of the issues - privacy and chain analysis, the possibility of tainting a coin, the appearance of centralized coin-mixing services with questionable security, and the numerous aftermarket privacy tokens and coin-join protocols - would exist. The idea of a privacy-preserving digital cash has been proposed since the 1980s, unfortunately this property is not found in many major cryptocurrencies.

Monero is definitely a better option for anonymity, but most crypto users these days just use centralized exchanges. I doubt the government will take kindly to people cashing out any anonymous currency regardless of your legitimate purposes.

So cash is illegal?

As long as the government can print as much as they want then no. Cash is only partly anonymous but is still a safer bet than a lot of crypto if you are trying to achieve reasonable anonymity.

> Cash is only partly anonymous but is still a safer bet than a lot of crypto

I strongly agree. If I have a choice between paying in cash or in a cryptocurrency, I would choose cash nearly every time (with a few exceptions).


If there was a coin in which it wasn't observable whether you were interacting with a sanctioned entity, it wouldn't make it any more legal to do so. If it shared the same issue of allowing unsolicited transactions, the same problem would exist.

Even if said coin existed, it wouldn't guarantee privacy, because information about transactions can be recorded or observed off-chain, and that information can be compromised.


Monero and Zcash are legal.

I never suggested anything that would contradict that.

Zerocash is now shielded by default (https://electriccoin.co/blog/new-releases-to-help-enable-zca...), does that count?

It certainly counts as progress. The main criticism of Zcash used to be that 90%+ of the transactions were transparent.

Zcash seems interesting to me in that it feels like Bitcoin without either ossification or getting overwhelmed into becoming a casino substrate like programmable currencies. It evolves but slowly and in a particular well scoped direction.

Zerocash is an academic paper and early implementation from a group of researchers -- a proof of concept of using zero-knowledge proofs to add privacy to a public blockchain ledger.

Zcash is the ongoing project based on Zerocash, started in large part by those same researchers, but with funded teams of engineers continuously iterating on the protocol and implementations.


Bank accounts don’t have this mechanism either, what does this show?

My neo-bank (Revolut) has this feature. If someone sends me money for the first time, or isn't in my contacts, they have to explicitly accept it from their app before it actually lands in their account.

Ignoring that specific feature, if you did get money sent to your traditional bank account, you can always contact your bank and tell them you don't know what it is to avoid any trouble. This is not possible with Ethereum.


Banks reject all transactions from sanctioned entities.

Banks don’t just allow you to reject transfers from sanctioned entities. They force you to.

Grin [1] requires interactivity between both parties to transact.

1. https://grin.mw


This is a consequence of Grin implementing the so-called Mimblewimble protocol. Quoting from [1],

> In Mimblewimble, outputs are Pedersen commitments r*G+v*H which combine value and blinding factor into a single curve point. The blinding factor serves both to hide the value and to control ownership. Correspondingly, a single (multi-)signature serves both to prove value balance (non-inflation) and to authorize transfer of ownership.

[1] https://np.reddit.com/r/CryptoTechnology/comments/kyhgcv/are...


> There is no mechanism in crypto to reject incoming funds

Couldn't the same be said of a regular bank account? This doesn't seem to be unique to crypto.

Targeting the most prominent wallets may garner a bit more attention but the end result seems the same. A large number of individuals can have tainted funds deposited in their accounts creating a logistical nightmare.


Your bank has the ability to reject the funds (and some banks will allow you to broadly control deposits with a credit block).

Before posting funds to your account, a bank will scan the funds transfer against sanctions lists and only allow the deposit if there is no hit.


You don’t think someone on a sanctions list attempting to transfer funds to an account holder is going to cause them a problem, regardless of whether it’s blocked?

It's even funnier when you can create a token with any name you want and send it out...

And it's hilarious when they have to pay you to get rid of it.


Ethereum accounts don't own tokens in the same way they own ETH. Token balances exist with smart contracts, so when someone sends you booby coin all they are doing is updating the storage in a smart contract that 0x123 owns 1bil booby coin. Indexers like etherscan parse all transaction events and just keep a tally of what smart contracts have your address listed in balances.

By paying to get rid of it all you are doing is paying for etherscan to update its backend that your address is no longer listed in that smart contract. The real solution is to have wallet software that only tracks tokens you care about.
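Added example (not part of any comment in this thread): how an indexer arrives at a "token balance" for an address purely from ERC-20 `Transfer` logs, and how a wallet that tracks only chosen tokens hides unsolicited ones. The addresses, token contracts and log entries are constructed sample data; the function names are illustrative.

```python
# Added illustration. Every address and log entry below is constructed sample data.

# keccak256("Transfer(address,address,uint256)"), topic 0 of each ERC-20 Transfer event.
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"

ME = "0x" + "11" * 20          # the wallet owner (constructed)
FRIEND = "0x" + "22" * 20      # a known counterparty (constructed)
SPAMMER = "0x" + "99" * 20     # sender of the unsolicited token (constructed)
GOOD_TOKEN = "0x" + "aa" * 20  # token contract the owner cares about (constructed)
SPAM_TOKEN = "0x" + "bb" * 20  # token contract the owner never asked for (constructed)


def make_log(token, sender, recipient, value):
    """Build a log entry shaped like an eth_getLogs result for an ERC-20 Transfer."""
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]  # indexed address -> 32-byte topic
    return {
        "address": token,                            # contract that emitted the event
        "topics": [TRANSFER_TOPIC, pad(sender), pad(recipient)],
        "data": "0x" + format(value, "064x"),        # uint256 amount, not indexed
    }


SAMPLE_LOGS = [
    make_log(GOOD_TOKEN, FRIEND, ME, 500),
    make_log(SPAM_TOKEN, SPAMMER, ME, 1_000_000_000),  # the owner signed nothing for this
    make_log(GOOD_TOKEN, ME, FRIEND, 200),
    {"address": GOOD_TOKEN, "topics": ["0x" + "00" * 32], "data": "0x"},  # unrelated event
]


def decode_transfer(log):
    """Return (token, sender, recipient, value) or None if this is not an ERC-20 Transfer."""
    topics = log.get("topics", [])
    data = log.get("data", "")
    # ERC-721 uses the same topic 0 but indexes tokenId too (4 topics), so require exactly 3.
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None
    if len(data) != 66:  # "0x" + 32 bytes; anything else is not a plain uint256 amount
        return None
    sender = "0x" + topics[1][-40:].lower()
    recipient = "0x" + topics[2][-40:].lower()
    return log["address"].lower(), sender, recipient, int(data, 16)


def indexed_holdings(logs, owner):
    """What an explorer-style indexer shows: a per-contract tally built from events."""
    owner = owner.lower()
    balances = {}
    for log in logs:
        decoded = decode_transfer(log)
        if decoded is None:
            continue
        token, sender, recipient, value = decoded
        if recipient == owner:
            balances[token] = balances.get(token, 0) + value
        if sender == owner:
            balances[token] = balances.get(token, 0) - value
    return balances


def wallet_view(logs, owner, tracked_tokens):
    """What a wallet shows when it only tracks token contracts the user opted into."""
    tracked = {t.lower() for t in tracked_tokens}
    return {t: b for t, b in indexed_holdings(logs, owner).items() if t in tracked}
```

The spam entry appears in `indexed_holdings` although the owner never sent a transaction; the allowlist in `wallet_view` changes only what is displayed, not what the token contract's storage records.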


The chain I did it on allowed me to set a levy that would go to my account every time the token was moved. I hate that stupid coin.

What's the context? "Poisoning the well" by associating these addresses with Tornado.cash?

I believe this hyperlink might have a sanctioned address in it, and therefore puts HN and readers at risk of violating US sanctions, or creating reporting requirements, if distributed...

Sanctions list excerpt: https://home.treasury.gov/policy-issues/financial-sanctions/...


Judges don't run code, so a dusting attack isn't going to magically obfuscate anything. The blockchain record is public and it's clear "to a reasonable person" that this is just a smokescreen.

That's really what's missing from web3: the concept of what a reasonable person [1] would believe - not a code-based contract.

[1] https://www.courthouselibrary.ca/how-we-can-help/our-legal-k...


It will result in merely detecting the presence of Tornado activity to be unenforceable, which will then result in "smart" detection (an algorithm for which is up for debate), which will be cat and mouse forever. The law as written doesn't have this reasonable person standard yet.

I really think the OFAC regime made a mistake here. They overplayed their hands and this will result in a bunch of debate and court activity, which may reduce their power in the end. I would have started mass-blacklisting frequent users of Tornado rather than the contracts themselves, and certainly not by-default made Americans criminals who receive Tornado funds. That is clearly unenforceable and will put a magnifying glass on this issue.


You act like Ethereum is some sort of force of nature and the OFAC needs to play by the rules of Ethereum instead of the other way around. If Ethereum as a whole is designed in a way that makes it impossible to enforce current laws, it's more likely that Ethereum will need to adapt to the laws, or eth will be made illegal and anyone caught dealing in eth will be considered to have broken the law.

It’s possible a government agency will go rogue and try to wipe out the savings and industry of millions of Americans. Seems unlikely to me.

Governments are not a force of nature either. Sure, they're more likely to win over Eth, but I personally always remain hopeful for change in incumbent systems.

> You act like Ethereum is some sort of force of nature and the OFAC needs to play by the rules of Ethereum instead of the other way around.

There exist in our society things that the state is actually unable to completely prohibit, prostitution and cocaine principally among them.

It's possible that cryptocurrencies also fall into this category.

The state's power to ban things is not without practical limits and constraints.


It could make investigators' jobs more annoying. I wonder if something like this would count as some sort of obstruction.

That would probably help if it made it to a judge. If github is willing to ban anybody who ever contributed to a repository (EDIT: or not), what are the odds that some exchange will ban anybody who ever touched a tainted wallet?

Edit: Actually I have to partially walk that back. It's fairly buried in the comments on the other article, but it looks like the GitHub bans were a lot more limited than that. On the other hand, I could still see an exchange taking such an approach, so I'm going to leave this comment because I think the point is still valid.


Which GitHub repository? yt-dl?

tornado's github

Let's hope the police, prosecutor and judge, hell, even your lawyer understand any of this.

Meanwhile in Japan, there was a crazy sentence for a crime of using a crypto-currency that had been stolen. Not the real criminal responsible for the theft, but some random idiots who thought investing in crypto-currency was a good idea and purchased tokens that were part of the stolen tokens.

I bet these idiots have never run a full node on a computer they own. They just rely on some SaaS wallet service run by somebody else.

I guess ignorance is a crime.


Ignorance is not a crime, but it’s also not a defense.

No knowledge/criminal intent relating to the act can be a defense (other than for strict liability crimes like statutory rape), ignorance of the law is not.

With some small exceptions for a few white-collar crimes that do require knowing the act was illegal. But that doesn't apply 99% of the time.

Sounds just like buying a stolen bike, knowingly or not.

Knowingly is a crime. Unknowingly is not. In England anyway.

I think it's the same in the US. Actus reus and mens reus.

mens rea. mens is feminine.

https://en.wikipedia.org/wiki/Mens_rea


It's more like pulling dirty money out of an ATM.

Being ignorant of the law has never been a valid defence

Worked for plenty of people.

So I can shoplift and just say I didn't know it was illegal?

No, but you can be gifted a shoplifted item and legally defend yourself by demonstrating that you did not know that it was stolen before being gifted to you.

However, the same defense does not protect against confiscation; just criminal liability.


This isn't about ignorance of the law though.

Violating sanctions is breaking the law, isn't it?

The distinction they're drawing is between ignorance of the law (e.g: you take someone's phone because you didn't know stealing was illegal) and lack of knowledge/criminal intent relating to the act you committed (e.g: you take someone's phone because someone sold you a stolen phone and you were unaware).

Former is what "ignorance of the law is not a valid defence" applies to. Latter can be valid, and particularly in this case I'd find it hard to imagine that those affected by the dusting attack would be found guilty of violating sanctions.


Exactly. If you're given a marked bill as change, you haven't violated the law. If you know it's marked and accept it, you have.

I'm pretty sure this is not about obfuscating anything.

> That's really what's missing from web3: the concept of what a reasonable person [1] would believe - not a code-based contract.

this is fundamentally a social technology, and can be built on top of what exists. it's nearly impossible to bridge the gap from systems built on human judgment (trusted) -> impersonal contractual absolutism (trustless), but the reverse is a simple matter of opting in. you only have to allow others to have rights over your property, and interact with others who do the same.

this is more or less what i would expect to happen over the long term; most people prefer safety and convenience over shouldering the entire burden of security and awareness for every financial transaction. it's vitally important that the option remains available, though.


> "to a reasonable person" that this is just a smokescreen.

Law and sanctions are not "reasonable persons". It's not up for interpretations.


It's a smokescreen in the case of this attack. But it also sets an important precedent. Because high profile accounts have been hit by this dusting attack, lower profile victims that got hit by the same attack are now much more easily going to be able to use this as a defense in court.

If this hadn't happened to such high profile people, someone in court might be trying to say things like "look, I know my address is on the sanctioned list for money laundering but that's because someone I didn't know paid me", and the judge is going to be skeptical and say "I don't understand this blockchain stuff, but the software from <trusted sanctions partner> says you are guilty of sanctions violations."


Can someone explain this in English please?

You can send a ton of really small transactions (colloquially referred to as "crypto dust") for an insignificant amount of money to innocent wallets from a single tainted wallet. The "tainted wallet" in this case would be one tied to Tornado Cash. The Treasury, having sanctioned TornadoCash, now considers the targeted wallet as having done business with a sanctioned entity.

Does it make any legal difference that 0.1 ETH is actually $150 instead of an insignificant amount of money?

This is currently uncharted territory. Currently, you can get banned by exchanges if your account has any interaction with mixers like tornado. There's no precedent in regards to how the government views accounts tainted by attacks like this.

>if your account

What is "your account"? There's no "first-last name, date of birth, ID number" attached to an ethereum account unless an account is on a centralized exchange.

Generating a new account is a matter of 2 seconds.


From what I can understand, and I'm probably off-base a little:

Government: "We are sanctioning these known criminal wallets."

Tornado Cash: "Anyone receiving deposits from these criminal wallets will be blacklisted."

Criminals: deposit a small amount of crypto into every wallet they can find associated with Tornado Cash, blacklisting all of them


> deposit a small amount of crypto into every wallet they can find associated with Tornado Cash, blacklisting all of them

They're likely just sending small amounts to just about anybody. Not only addresses associated with Tornado.


Regulators: Please forward all unexpected deposits from (addresses) here: @address

If not done past date <whenever>, add account to OFAC.

Not an issue.


Hmm, that sounds like fun scam for someone to actually run.

Now what to do with those funds after you receive them is another issue.


And this is why every government outreach tends to require having an Agent attached.

Nevermind that people are more than willing to impersonate Federal Agents.


Can you imagine having some savings in crypto and getting unknowingly dusted by this attack, only to find your Coinbase account and your bank account suddenly frozen a few weeks later and not having any idea why or what to do about it?

> Can you imagine having some savings in crypto

Nope


Hardy har har

That's not super different from having money in Voyager before they halt all trading.

Losing your whole account is just business as usual in crypto.


Ethereum wallets work like a bank account that anyone can deposit funds into. This dusting attack would be as if, say, Iran or North Korea decided to start depositing a few dollars into every American's checking accounts to try and implicate the entire country's citizenry in financial crime.

Bitcoin has one defense against this attack: coin control. The way Bitcoin works is as if every time you wrote a check, you had to also include a list of all the other checks that the money comes from. So you can technically avoid implicating yourself in financial crime by not writing "payable by Iran/NK super hackerz" on your checks.


> Bitcoin has one defense against this attack: coin control. The way Bitcoin works is as if every time you wrote a check, you had to also include a list of all the other checks that the money comes from. So you can technically avoid implicating yourself in financial crime by not writing "payable by Iran/NK super hackerz" on your checks.

Isn't this terrible for freedom? When I pay with fiat, I don't have to include a list of where that fiat came from.


The entire ledger is public anyway, everyone can already see the transactions that went into your wallet.

Why this will cause chaos is that Chainalysis and similar tools for sanctions screening are all / nothing - if the rule was that "anyone who has touched Tornado assets should be banned", then sending small amounts to everyone means that the industry has to ban everyone.

The point is to show the difficulty of using such a blunt tool. By the letter of the law, everyone based in the US is a criminal if they receive Tornado funds, and legally must contact the OFAC office.


You aren't a criminal until a prosecutor presses criminal charges, and you are convicted by a jury of your peers.

Yes, in the end you will have to talk to OFAC, and work with them to sort things out.

Nothing says it can't all be cleaned up by sending to a burn address because you had funds pushed.


I’m sure the OFAC government office is set up for mass handling of small amounts of money requests from a widespread group of normal people.

Actually, the specific architecture delegates responsibility out to regulated service providers who then set up their infrastructure accordingly. If there are no OFAC compliant service providers in the space, then hoo, boy, are those SP's in for a world of hurt.

Worst case scenario, expect allocation of budget to flesh out requisite infrastructure Congress-soonish, or an RFP for a Call Center/software development contract.

There is a blueprint/SOP for this sort of business, believe it or not. It has been built before. Alarmingly, the "becoming exceedingly efficient at it" never seems to materialize though.


ha, more like until Coinbase and all the exchanges and your bank decides to treat you like a criminal

Can somebody more knowledgeable confirm if all your coins will become forever tainted if you are "dusted" like this? As there is no way to ever break the paper trail using just bitcoin, is the only way to make your coins clean going to monero and back again or something like that? Are the techniques for determining whether your coins are tainted on exchanges, where they could be refused or confiscated, sophisticated enough to not flag you in cases like these? Even if it's possible, I imagine it's computationally expensive.

Yes. Ethereum does not have coin control[1] which means that your entire ETH balance is inextricably commingled in a dusting attack, whether you like it or not. That's different from Bitcoin, on which you can choose to not spend tainted coin in your wallet (and prove the provenance of your funds).

[1]: https://bitcoin.design/guide/how-it-works/coin-selection/


It is actually worse than you think, the entire account ends up having "interacted" with a "sanctioned" entity :( account owners may be subject to 10y in jail if any prosecutor would bring a case. This is true for any tokens and NFTs associated with the account as well as the ETH.

Regulators aren't stupid.

There will be a hotline or process for reporting your having been dusted. You call, let them know, they confirm, they give you special dispensation to move the tainted funds to a burn address most likely. They don't care the ultimate location in which the funds get locked down, only that they do.

That Ethereum allows for dusting won't hamper things the least bit. However a lot of customer service is probably going to have to be accommodated, so if you do get dusted, I sure hope that wasn't your only financial lifeline, because it may take a while to work through.


The hotline you describe seems like pure speculation that I find unlikely, but I have no idea how the law works. A few questions naturally come to mind. Customer of which service? Provided by who? Agreed upon using what contract? Also having to burn your entire pile of cash because of one speck of dust is really funny.

Ethereum is very different in this regard than Bitcoin.

Ethereum has accounts. So when Ana sends coins to Berta, Berta has no way to leave those coins untouched. As they just raise the amount of coins she owns. So next time Berta sends coins to Charles, it is unclear which coins she sent and if those include Ana's coins.

Bitcoin on the other hand has no accounts. When Ana sends coins to Berta, she just marks those coins as "Can be spent by Berta in the future". Berta can decide to never touch them. When Berta sends coins to Charles, she decides which of her coins she sends.

It is even more complex, as the conditions for how the Bitcoins can be spent are defined by little scripts. Even though those scripts are (for now) more restricted than on Ethereum.

So it is not really true that Bitcoins are "on address 17f8..". In reality that means the Bitcoins are locked by a script that demands any transactions must be signed by the secret key that matches public key 17f8...

So in a sense, Bitcoin does not have addresses. It has scripts.

I wonder how Blockchain explorers deal with more complex scripts. For example on blockchain.com one can look up coins by putting an "address" into the search bar. But how would one look up coins that are not locked by a script that puts the coins under control of a certain key? Or a script that puts them under control of multiple keys?
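Added example (not part of any comment in this thread): a toy model of the difference described above, with a UTXO wallet that freezes a dusted output and keeps it out of later spends, next to an account wallet where every payment draws on one commingled balance. Fees are ignored, and all transaction ids, sender labels and amounts are constructed; the class and function names are illustrative, not any wallet's API.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Utxo:
    txid: str    # constructed placeholder id
    vout: int
    value: int   # satoshis
    sender: str  # label for who funded this output (assumed known to the wallet)


class UtxoWallet:
    """Bitcoin-style: funds are discrete outputs, and the spender picks the inputs."""

    def __init__(self):
        self.utxos = []
        self.frozen = set()  # (txid, vout) pairs that must never be used as inputs
        self.spends = 0

    def receive(self, utxo):
        self.utxos.append(utxo)

    def freeze_from(self, flagged_senders):
        """Coin control: quarantine every output funded by a flagged sender."""
        hits = [u for u in self.utxos if u.sender in flagged_senders]
        self.frozen.update((u.txid, u.vout) for u in hits)
        return hits

    def spend(self, amount):
        """Pick unfrozen inputs, largest first. Returns (inputs, change)."""
        spendable = sorted(
            (u for u in self.utxos if (u.txid, u.vout) not in self.frozen),
            key=lambda u: u.value, reverse=True)
        chosen, total = [], 0
        for u in spendable:
            if total >= amount:
                break
            chosen.append(u)
            total += u.value
        if total < amount:
            raise ValueError("insufficient unfrozen funds")  # nothing mutated yet
        self.utxos = [u for u in self.utxos if u not in chosen]
        change = total - amount
        if change:
            self.spends += 1
            self.receive(Utxo(f"change-{self.spends}", 0, change, "self"))
        return chosen, change


class AccountWallet:
    """Ethereum-style: one balance per address, with no inputs to choose from."""

    def __init__(self):
        self.balance = 0
        self.depositors = set()

    def receive(self, sender, value):
        self.balance += value  # cannot be refused or kept separate
        self.depositors.add(sender)

    def spend(self, amount):
        if amount > self.balance:
            raise ValueError("insufficient funds")
        self.balance -= amount
        # The payment comes out of the single balance, so an observer can
        # associate it with every earlier depositor, the duster included.
        return set(self.depositors)


def compare():
    """Berta receives three deposits (one is dust from a flagged sender), then pays Charles."""
    deposits = [("tx-ana", 0, 50_000, "ana"),
                ("tx-exchange", 1, 200_000, "exchange"),
                ("tx-dust", 0, 1_000, "flagged-mixer")]
    utxo_wallet, account_wallet = UtxoWallet(), AccountWallet()
    for txid, vout, value, sender in deposits:
        utxo_wallet.receive(Utxo(txid, vout, value, sender))
        account_wallet.receive(sender, value)

    frozen = utxo_wallet.freeze_from({"flagged-mixer"})
    inputs, change = utxo_wallet.spend(120_000)
    linked = account_wallet.spend(120_000)
    return {
        "frozen_txids": [u.txid for u in frozen],
        "utxo_input_senders": {u.sender for u in inputs},
        "utxo_change": change,
        "dust_still_unspent": any(u.txid == "tx-dust" for u in utxo_wallet.utxos),
        "account_linked_senders": linked,
        "account_balance": account_wallet.balance,
    }
```

The cost of coin control in this model is that the frozen dust is no longer spendable: a payment larger than the unfrozen total fails even though the nominal balance would cover it.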


Do you have a source for this?

Last I checked, the ledger on Bitcoin and Ethereum are functionally identical. A value against a wallet address. There are no "accounts" on either.


Bitcoin and similar chains use a “UTXO” model that tracks outputs of individual transactions, even when made to the same receiving address. This allows for control of specific coins when spending. ETH doesn’t use UTXO and I don’t believe it has the ability to perform coin control.

It's called "coin control". On Ethereum, your entire account balance is inextricably commingled. On Bitcoin, you can maintain the provenance of your coins. https://bitcoin.design/guide/how-it-works/coin-selection/

Many people confuse the account ledger model with "account abstraction".

Ethereum has the first, the second is wip.


Yep. Though here the confusion seems to be regarding Ethereum accounts and "account balance" interface in many Bitcoin wallets.

How did you check? This has never been true. Bitcoin has always used UTXOs.

This page is somewhat of a source:

https://en.bitcoin.it/wiki/Transaction

Because Bitcoin is more flexible than most people think and offers an ever increasing amount of different transaction types, it is important to read it from top to bottom to get a grasp on it.


Here's an article by Vitalik, explaining the differences between UTXOs and Ethereum's account-based model and why Ethereum did it that way.

https://medium.com/@ConsenSys/thoughts-on-utxo-by-vitalik-bu...


True but wallet software might grab them to make a larger spend without the user really thinking about it.

Then wallet software could just as well be configured not to do so.

But will it though? Who is going to make the change? Will users update? Etc.

It will never be a broad thing, but if a user is worried enough about this they can be careful enough to have plausible deniability, whereas in the Ethereum world it's harder.

Electrum already lets you Freeze coins (it has been able to do this for at least 5 years).

Bitcoins are NFTs basically

There are differences:

Bitcoins can be divided. Ana can take her pile of coins and mark them as "This half can be moved by Berta in the future and the other half can be moved by Charles in the future". Now what was one pile is now two piles.

Bitcoins can be combined. To combine two piles of coins into one, one has to be the owner of both piles.


This is why mixing services work. When you combine and split and recombine and split again, you can theoretically erase provable, one to one links between the inputs and the outputs.

Similarly, miner fees are split off in the same way and combined with actual virgin coins in the block reward, but they're technically all the same in the system. You'd need to layer on a tracking on top to "de-fung" the coins.

In this way, bitcoin and most other cryptos are drastically more fungible in base reality than cash. Each individual cash note is marked with a serial number, making it literally a non fungible token. The only reason cash is considered fungible is because our laws require the justice system to make believe that they are fungible, not because they actually are.

But just because the justice system must consider your cash to be fungible, doesn't mean the base reality of non fungibility can't be easily used. e.g. banks could implement a system to scan each incoming and outgoing serial number on every note they touch, linking them to associated accounts. Even though they can't know how the notes are spread around in meatspace, you can collect a lot of the nodes and do a pretty good job filling in the blanks of how cash moves.


Treating dollars as non-fungible because you might be interested in a particular serial number (and there are people who do this) is equivalent to various "colored coins" schemes on the Bitcoin blockchain, where you treat Bitcoin that's passed through certain wallets as being non-fungible with other Bitcoin. I would not call either of these more or less fungible, because the majority of people who use dollars or Bitcoins don't care about the fungibility beyond maybe "is this stolen property".

There's a difference.

Cash notes are non fungible by design. Their non fungibility is literally an inseparable part of their physical existence.

Bitcoin is fungible by design, and only becomes non fungible in certain cases when you build tracking systems on top of it to try to break fungiblity.


Interesting that cash coins on the other hand are fungible, too small to bother. Is there any similar approach in the crypto world?

Good point about coins.

Also, because inflation is a systemic part of the fiat money design, the fungible coins become less and less significant over time. In 2022 dollars, a quarter was worth $7.48 in 1913. We removed the half penny from circulation when it was worth more than a modern dime.

This also applies to any law that establishes a lower bound on money subject to some kind of surveillance, like the $10,000 reporting requirement on flights. When that law was passed, $10,000 was worth closer to $70,000 today. Because the value in the law was set statically, every year the slow grinding ratchet of monetary inflation includes more and more people and use cases into its jurisdiction, with barely anybody noticing.

Monetary inflation provides a great mechanism to slowly boil the frog.


I see you are repeating something patently wrong and even adding some equally wrong "spice" to it, like that cash notes are non fungible by design, which is somehow "literally an inseparable part of their physical existence". This despite currency (in any form) predating the formalized concept of fungibility.

Money is fungible by every (literal) definition of the word, whether banknotes or coins. Being fungible doesn't refer to the physical aspect of being absolutely identical but to its value. Money exists to be fungible, fungibility is literally one of the big things that make money work. Going even further, money is probably one of the few things equally fungible whether new or used, and sometimes even old/outdated (think retired currency which can be converted to currency in circulation).

Whether coins or banknotes, they are interchangeable from one to another regardless of serial or the year stamped on them. And almost any other two new "identical" products are just as fungible: two loaves of bread, two planks of wood, two pencils, or two cars (not the case for used products). They're all mass-produced, quasi-identical units.

And the serial numbers? They're used mainly for uniquely tracing the note and don't affect the fungibility in any way. The proof? Randomly pick a banknote every time you pay for something. If it works every time either you're the luckiest person in the world, or they're completely fungible.


Agreed but the inflation point is well made and stands.

Because money can be readily traded for anything else it is effectively a joker, equivalent to any other card but with the ability to respond to nearly any situation.

This means people value money itself slightly more than the things you can buy with it. Since money doesn't spoil, this tricks our monkey brain into hoarding the stuff, no matter how much we already have, it is a type of "desire" that can never be saturated. This is known as liquidity preference and since money is worth more than the things it can buy, giving up liquidity must be compensated by paying for the loss of liquidity, this means the minimum interest rate gets stuck at a floor. When you consider that the optimal interest rate is 0% when markets are saturated we are in a pickle.

So instead we decided that loans create new deposits, we no longer have to ask anyone to give us their money, no one has to give up liquidity, hence why interest rates are below liquidity preference.

Of course the problem with that is that as long as yields are optimal and markets are saturated, you are going to need to expand the money supply. This in itself doesn't necessarily lead to inflation but to stave off deflation, central banks decided to target 2% inflation, this lifts the profitability of companies in the real world closer in line with liquidity preference, in other words, we need inflation to neutralise liquidity preference.


No amount of 1913 dollars could buy you an iPhone.

Yes now go ahead and introduce negative interest rates on cash so we can stop messing with the unit of account.

By the way, inflation is a systemic part of any permanent money system, not just fiat.

People mine on Blockchains because they think spending electricity is a better way of getting Bitcoin than trading with existing Bitcoin holders.

People mine new gold because they think it is easier than trading with the existing owners of gold.

Even with a perfectly fixed money supply, there will still be inflation and deflation as people spend their savings faster than others want to save or as people save faster than others want to spend. You can't force eliminate inflation by decree you can only eliminate it through cooperation. The constant up and down price swings of Bitcoin are inflation and deflation. Bitcoin doesn't solve the inflation problem.


Cash notes are NFTs literally.

There's even a somewhat-unreliable hack to create tokens on the Bitcoin blockchain, called colored coins.

You create a specific transaction sending some number of Satoshis to another key, and then your coloring scheme marks that transaction as "converting" the coins to whatever token you want. The definition of the token is just anything that address spent.

Of course, no Bitcoin users are required to honor the scheme, the colored coins are still valid Bitcoin and can be spent by an unaware wallet. But you can still pretend that they are, say, shares of some DAO or something.

You probably could extend this to NFTs on the Bitcoin blockchain as well.


Fungibility is a subjective concept. Most users consider BTC to be fungible just as most people consider paper bills to be fungible, but that doesn't stop people from collecting bills with specific serial numbers or bills signed by a celebrity, etc.

Fix would be for OFAC to issue guidance for list of burn addresses to send TC dust funds to.

It's not hard to perform double entry accounting on triple entry accounting systems like ETH.

There are very good reasons why ETH uses accounting vs UTXO and scalability is at the front of those reasons.


Still sucks that unwitting people would have to (1) know this is going on and (2) go through the trouble of paying fees to burn the dust / figure out how much they need to burn.

And sure that could work once or twice but if this becomes a regular thing it's most certainly not sustainable.


With being in the IT field for 25 years, I was still on the fence about cryptocurrency. I wasn't for it or against it because it didn't affect me. I understand the arguments for it and against it, along with the privacy aspect of it. However actions like this push me towards being against it.

meh this whole thing is stupid - law enforcement proxies (chainalysis) can trivially ignore the dust in tracking down who's using Tornado to launder material amounts of wealth.

Exactly. Every law enforcement agency has prosecutorial discretion. They can easily ignore this and still go after the bad guys they want to target.

That cuts both ways though. If you're a political dissident and you've been dusted, prosecutorial discretion isn't in your favor.

If you have crappy legal representation then sure - but I should hope any decent attorney can show that you're a member of a LARGE set including a who's who of upstanding citizens, have a witness (or you) explain to a jury what "dusting" is and that it's harmless. There's maybe even an analogy to prosecuting someone because of trace amounts of cocaine on the bills in their wallet, at a level consistent with everyone's paper bills.

But I'm not gonna say that political dissidents aren't at risk - heck, a government can just plant evidence. I'm just saying that dusting is a low risk.


> If you have crappy legal representation then sure

Yes. That describes most people.


Although you are correct on their ability to enforce prosecutorial discretion, the reality is that the way they exercise that discretion sets precedents in the court of law. It will be very interesting to see how they go about trialing any of the OFAC cases involving Tornado Cash.

I don't think it's so trivial, and it can easily be made much more complicated.

Suppose sanctioned party A pays B, a citizen of Indonesia who lives in Indonesia, $X. B's chain analysis decides that $X is "not material", so they continue using the account, and then transfer C $Y < $X. C's chain analysis decides that $Y is "material". What happens now?

The first question is whether C delivers B the goods B was paying for without demanding an additional form of payment. If so, they have exposed themselves to sanctions from the US, potentially a large problem if they are a US person.

If not, the second question is, do they refund the payment or not? If not, they have defrauded B; if so, they have potentially exposed themselves to additional sanctions from the US.

The third question is, what if A decides to only spend "not material" amounts? They spend a small amount on extra transaction fees, but the sanctions become ineffective.

All this uncertainty about where exactly the line is seems like it could put significant stress on Ethereum's fungibility.

To make it more complicated, consider that we're talking about US$400M here that the OFAC is trying to freeze. That's enough to transfer US$11000 to each of 36000 different accounts, or, more practically, random numbers of thousands of dollars to tens of thousands of different accounts over the next year or two. If the would-be sanctions evaders (who, as R. Nikhil points out in https://rnikhil.com/2022/08/09/tornado-cash-block.html, could include anyone who doesn't want their medical insurance provider to know what OTC drugs they buy, doesn't want their employer to know everything they spend their money on, or wants to donate to a political cause they don't talk about) are willing to spend 30% of their money to unfreeze the rest, they could get a pretty interesting number of people sanctioned with "material amounts of wealth".

By the way, I still remember your grilled portobellos decades later. I'm glad to see you're still out there, and I appreciate the chance to discuss things like this with you.


Whoa! Sent you email. ;-)

Back to the thread, I believe "material" is defined by the amount of the source wallets not the destination wallet. But it's also risky to accept large amounts of money from strangers because of the reasonable presumption of a transaction, and best practice to make a good faith effort to return or dispose it (same qty minus transaction costs), which seems trivial in this case.

(But IANAL and we're getting a bit arcane...)


I’d expect anyone that’s been in IT for so long to easily predict such a scenario.

“Here have my banned bitcoins” is literally the most obvious action.


If only there was some sort of business that protected your financial holdings for you or perhaps reject (or burn) sanctioned deposits

What would you call a company that specialises in 'Burning And Notburning Koins'?

a central bank?

Or you know, if the us gov could go after guilty people instead.

Such as every single bank director.


In theory, regulated exchanges could be required to burn/freeze/hold/return assets that interact with the blacklisted entities. This would abstract all essence of decentralized finance and challenge the principles behind web3 finance, but it is theoretically an option.

Another, and probably better avenue, is for financial institutions and exchanges to implement crypto compliance and tracing tools. Then, using such tools to holistically understand customer's risk. If sanctioned coins represent a very small % of the total flow as well as a one-time occurrence, it's likely the customer was the victim of a dust attack and hence presents little sanction avoidance risk.
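A sketch of the triage rule described in the comment above (small share of total inbound flow plus a one-time occurrence), added here as an illustration and not part of the thread or of any real compliance product. The thresholds, addresses and transfers are constructed assumptions.

```python
"""Exchange-side triage of customers who received value from a listed address."""
from collections import defaultdict
from decimal import Decimal

# Placeholder identifier standing in for an entry on a sanctions list.
SANCTIONED = {"0xSANCTIONED_PLACEHOLDER"}

# Assumed policy thresholds (not taken from any regulation or guidance).
MAX_FLAGGED_SHARE = Decimal("0.01")   # flagged value / total inbound value
MAX_FLAGGED_EVENTS = 1                # "one-time occurrence"

# Constructed sample data: (sender, recipient, amount in ETH).
TRANSFERS = [
    ("0xEXCHANGE", "customer_a", "40"),
    ("0xPAYROLL", "customer_a", "25"),
    ("0xSANCTIONED_PLACEHOLDER", "customer_a", "0.1"),   # single dust transfer
    ("0xFRIEND", "customer_b", "2"),
    *[("0xSANCTIONED_PLACEHOLDER", "customer_b", "0.1")] * 6,  # repeated inflow
    ("0xEXCHANGE", "customer_c", "3"),
    ("0xSANCTIONED_PLACEHOLDER", "customer_d", "0.1"),   # otherwise idle address
]


def triage(transfers, sanctioned=SANCTIONED,
           max_share=MAX_FLAGGED_SHARE, max_events=MAX_FLAGGED_EVENTS):
    """Return {recipient: {"verdict", "share", "events"}} for every recipient."""
    inbound = defaultdict(lambda: {"total": Decimal(0),
                                   "flagged": Decimal(0),
                                   "events": 0})
    for sender, recipient, amount in transfers:
        value = Decimal(amount)
        stats = inbound[recipient]
        stats["total"] += value
        if sender in sanctioned:
            stats["flagged"] += value
            stats["events"] += 1

    report = {}
    for recipient, stats in inbound.items():
        share = stats["flagged"] / stats["total"]
        if stats["events"] == 0:
            verdict = "clean"
        elif share <= max_share and stats["events"] <= max_events:
            # Small fraction of flow, seen once: consistent with being dusted.
            verdict = "likely_dusted"
        else:
            # Repeated or proportionally large inflow needs a human analyst.
            verdict = "review"
        report[recipient] = {"verdict": verdict,
                             "share": share,
                             "events": stats["events"]}
    return report


if __name__ == "__main__":
    for who, row in sorted(triage(TRANSFERS).items()):
        print(f"{who}: {row['verdict']} "
              f"(share={row['share']:.4f}, events={row['events']})")
```

Note that `customer_d`, an otherwise idle address that was dusted once, lands in `review` because the dust is its entire inbound flow; a share-based rule needs extra context for cold or low-activity addresses.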


UTXO models are actually easier to scale — every Ethereum tx today gets a global state lock, making parallel processing of transactions difficult. Not so for UTXO models.

This is not really how smart contracts work. Cardano uses UTXOs for example and is having big problems due to the fundamental limited scalability of UTXO systems as only one account can interact with a certain contract per block as the UTXO can only be modified once. https://builtoncardano.com/blog/concurrency-and-cardano-a-pr...

>The concurrency issue on Cardano is created because each UTxO, and therefore smart contract associated with it, can only be used once. So each smart contract can only produce one transaction per block. Meaning that only one person can interact with a Cardano smart contract each block, meaning that interactions with many DeFi protocols that want to allow multiple users to interact with a smart contract at the same time (concurrently) will not be possible if implemented in their current format.

There are reasons Ethereum and other more programmable systems were implemented as accounts instead of UTXOs.


> This is not really how smart contracts work.

I've been programming smart contracts since 2017, and Bitcoin since late 2013 :) thanks though.

Your comments are specific to Cardano, not a UTXO model. Look instead at what Fuel Labs is doing.

I'm not suggesting there aren't reasons to use accounts, but scalability ain't one of them.


Accounts are not more scalable than UTXO, except insofar as it helps patch over the fact that there are almost no ethereum full nodes, and most people running what ethereum enthusiasts generously call "full nodes" are actually running pruned nodes with low security assurances.

This is false. Geth full sync mode has every block with every transaction executed from genesis. What is pruned in 'full sync' mode is the per account/contract history. But since you are executing every transaction from genesis, you can know that you are in fact getting the correct state of the chain. And if you want, you can even do some thing like: 1) Do a full sync with a pruned current state database. 2) Delete the state database, leaving the 'ancient-data' (all the historical, already executed blocks) 3) Unplug the machine from the internet. 4) Restart geth in archive sync mode. 5) And after a while you will have an archive node (all the account history cleanly indexed separately), 100% derived from the blocks you synced in full mode.

You said "this is false" and then said a bunch of stuff that's entirely consistent with my (true) statement.

Your implication was that full nodes are less secure. That specifically is false.

You do not need to know the full indexed history of an account to know what its current balance is. There is zero loss of security in not knowing what a specific account's balance was 1,000,000 blocks ago if you have executed through every transaction and every block that has ever been committed to the chain.


> There is zero loss of security

The loss of security is to the network. When there are only like 12 actual full nodes, the network is effectively centralized.

Also, please stop calling lightweight pruned nodes "full nodes". It's totally dishonest to try to imply the same security level of a bitcoin full node when it's actually a much weaker security model. I know you're not the only person doing this, but nothing is stopping you from using more honest terminology.


>It's totally dishonest to try to imply the same security level of a bitcoin full node when it's actually a much weaker security model.

What precisely is weaker about it? If you think ethereum full nodes have weaker security, what exactly is missing? Full nodes have 100% of the current state, 100% of the blocks, and 100% of the transactions, and you serve those blocks and transactions to the rest of the network just as easily as an archive node. And if independent verification of the history of a particular account is needed, it can be done, without any dependency on any other archive nodes.

> I know you're not the only person doing this, but nothing is stopping you from using more honest terminology.

You aren't the only btc maxi who hand-waves around this bs, nothing is stopping you from being less ignorant.


> What precisely is weaker about it?

Here's a thought experiment for you; why don't you just get rid of all the "archive" nodes?

> Full nodes have 100% of the current state

Only if you redefine "current state" to be "not actually the entire state of the blockchain".


> Here's a thought experiment for you; why don't you just get rid of all the "archive" nodes?

By all means, do it. Blow them all away. You can still transact on the chain and send or receive funds from any other valid address or call contract functions just fine. And then anyone who wants to do things like run a block explorer or look at how a particular account's balance has changed over time can resync to an archive node *using only the contents of a full node*. Archive nodes just retain additional account level indexing of what the block history (and all the transactions contained in those blocks) already contains.

> Only if you redefine "current state" to be "not actually the entire state of the blockchain".

'Current state'? At the present time, what is the balance of any arbitrary account? What is in the current storage of any arbitrary deployed contract? Full nodes have 100% of that, without querying anything from any other node.


A pruned node does not have lower security assurances.

When you eliminate all "archive nodes" (i.e. actual full nodes), it becomes impossible to trustlessly determine the longest PoW chain.

No it doesn't. Archive nodes don't do any consensus-critical operations that pruned nodes don't do. Moreover, non-pruned nodes are a distinct category from archive nodes. An archive node is a non-pruned node that also stores historical snapshots of the state.

The analogous node in Bitcoin would be a full node that stores all copies of past UTXO indexes, instead of discarding the old UTXO index with every new block. Bitcoin doesn't have such nodes, so Ethereum archive nodes offer functionality not even available in Bitcoin.

I would suggest going beyond Bitcoin echo chambers when learning about how Ethereum works. You're not doing yourself any favors being misinformed about projects that compete with Bitcoin.


What do you mean by triple entry accounting systems like ETH? Do you have any references?

> Fix would be for OFAC to issue guidance for list of burn addresses to send TC dust funds to.

They have a list already, seized addresses from criminal cases they sell at auctions.

Easy peasy…


Does typical Bitcoin software expose this to the user so that they can control which coins are moving?

Users can specify what inputs they are sending in a transaction with lower-level software like the Bitcoin RPC, but a typical wallet does not expose that functionality.

It's exposed in Electrum and the Bitcoin Core GUI wallet. Perfect for donations, you can spend one UTXO without change.

Where is the option in these UIs? I currently use Electrum mostly but may switch back to Bitcoin Core.

Coins tab, right click on the coin, spend.

Electrum: View > Show Coins (adds a new Coins tab)

Bitcoin Core: Settings > Options... > Wallet > Enable coin control features (adds it on the Send tab)


Thank you!

Some does, some does not. I have heard this feature called "Coin Control". Ledger and Electrum have it at least.

Most non-custodial wallets do to various degrees, some don't.

Most retail BTC wallets don't offer the option to select UTXOs. The reality is that a large portion of the real BTC users don't even know what a UTXO means or why they should care. I'm hoping that with everything going on with Tornado Cash and the Russia Sanctions, public awareness on this fact will increase enough to justify adding UTXO selection as a standard for all wallets.

Ethereum has addresses just like Bitcoin has addresses.

You can choose to use a different address for every transaction (more private, less convenient), or you can choose to use the same address for every transaction (less private, more convenient).

A lot of the client software in the Ethereum ecosystem chooses the latter, less private and more convenient, to simulate an "account". But that's a choice, not a requirement, since they're all just addresses.


OP's point is that in Bitcoin there are coins (unspent transaction outputs) that are associated with an address but the receiver can leave them untouched. He can continue and ignore the tainted coins from Tornado.

In Ethereum you don't have coins that get associated with an address, the balance of that address increases so in a way that mixes the "coins" with the rest of the "coins" for that address and so the receiver can't put them aside.

Put another way: in Bitcoin you can refuse accepting coins by ignoring them. In Ethereum you can't refuse the funds that someone sends you.

So now that you have funds from a sanctioned entity in your wallet what do you do? One solution would be to send an equal amount to a burn address to show that you never wanted these but it has two problems: it requires one to actively monitor the wallet and know what incoming funds are from some sanctioned entity AND requires you to spend money on a transaction you never wanted to do in the first place. And what if it's a cold wallet. It's a really messy situation.


What’s the difference between ignoring bitcoin sent to you vs never letting the balance in an ethereum address get below coins you refuse?

Also if you wanted couldn’t you create a transaction that burns an amount equal to the tainted coins, that includes a message stating your intention?

This seems like a non issue to me.


If the US Gov comes to you and asks you why you received funds from a sanctioned entity it's not enough to claim "But I intend to never use them, I will never let the balance in this address run lower than this amount". You'd have to take some action to actively distance yourself from these funds.

You could do a transaction but I described the problem with that in the previous comment (edited before I saw your edit)


The US Gov could go after you if someone sends tainted coins to a bitcoin address you control, too, and no one knows how the legal arguments for either bitcoin or ethereum are going to shake out until legislation passes or the issues go to the courts.

Yes but in Bitcoin like mentioned you can ignore those coins and never use them. In Ethereum one could argue you are using them whenever you are doing your next transaction because there is no concept of coins that can be differentiated.

It's like the difference between someone telling you the password to some bank account filled with drug money and someone sending you a wire transfer to your bank account plus the bank not being able to prevent it. In the first case you can just forget the password and not touch that account. In the second case suddenly it's on you to know what incoming funds were bad and distance yourself from them (sending back or burning).


In the bitcoin blockchain each transaction includes the originating address, destination address, and amount.

In the ethereum blockchain each transaction includes the originating address, the destination address, and the amount.

Both blockchains have all the information you need to avoid spending tainted coins, and it would depend on the wallet implementation to do that for you.

There are plenty of bitcoin wallets that just present the total coins present in an address and it's on the user to look at the lower layers or use a wallet that does that for you.

This whole thing seems like a distinction without a difference.

Hopefully a judge would see it that way as well, until it's tested in court we'll never know.


In Bitcoin transactions are not just "from", "to" and "amount" even if some wallets abstract them in that way.

In the simplest case there are coins that get marked as being spendable by some public key (address). That's what the analogy with the password to a bank account was referring to. As long as you don't make use of that privilege then you can't be reasonably criminally convicted. That doesn't mean law enforcement won't come and ask questions.

In Ethereum it is more like you said where a certain amount is actually credited to an address and at that point cannot be distinguished from other funds in that address.

I agree both systems have enough information to handle the situation but again (I start to feel like a broken record) - there is a clear difference between them in that one needs active work to distance yourself from the funds while the other just requires not touching the tainted coins. You could also in Bitcoin go the extra step and actively burn those coins. Ideally the sanctioning body would provide an address of theirs where tainted coins can be sent and the sender then reimbursed for the fees or even awarded a small amount.

Hopefully a judge would see when someone innocent received tainted funds but it would be a tad more difficult on Ethereum than on Bitcoin.


Thanks for explaining that. I guess I have only used bitcoin wallets that abstract this, and I thought that bitcoin and ethereum were more similar than they actually are (at least when it comes to addresses and transactions).

I tried to search for this before my last post but I just got a bunch of trash results, SEO spam and articles aimed at non technical people.


> In Ethereum you can't refuse the funds that someone sends you.

And in a Mimblewimble blockchain, you can stop someone from sending you coins in the first place, since the receiver needs to sign along with the sender (elaborated on in my other comment).


Let's say I have a stack of 1000 hundred dollar bills.

Then an OFAC-sanctioned individual adds another hundred dollar bill to the stack, to make 1001 hundred dollar bills.

Are you saying if I spend 1000 of those, and leave one hundred dollar bill unspent, but the unspent bill is a different piece of paper with a different serial number than the one provided by the sanctioned individual, then I've broken the law?

But if I knew the serial number of the specific hundred dollar bill provided by the OFAC-sanctioned individual, and didn't spend that exact piece of paper, but just kept it in my wallet, then somehow that makes all the difference and now I haven't broken the law?

Since currency, Ethereum and Bitcoin are all fungible and mutually interchangeable, what difference does it make?


> if I knew the serial number of the specific hundred dollar bill provided by the OFAC-sanctioned individual, and didn't spend that exact piece of paper, but just kept it in my wallet, then somehow that makes all the difference and now I haven't broken the law?

If it's in your wallet you've broken the law. If it magically appeared on your doorstep and you call the FBI, you should be fine. (You'll be investigated.)

Anyone who ever sent to or received from Tornado any funds should be talking to counsel.


Doesn't seem to matter whether I spent the hundred dollar bill with the specific serial number provided by an OFAC-sanctioned individual, or if I kept that serial number in my wallet and spent a different piece of paper, since currency is fungible.

By analogy, there's no practical difference between a balance in an Ethereum address getting dusted with tainted funds, or a Bitcoin address with a tainted UTXO that I don't touch.


Coins in Bitcoin are not necessarily fungible. Tainted coins (from sanctioned individuals, from hacks etc) are traced and for anyone else who has to adhere to for example US law these tainted coins are not of the same value as non-tainted ones. Exchanges might not accept them for example.

Now in Ethereum there are no coins like in Bitcoin and hence you can't taint them. You can taint an address and now if you received funds from a tainted address you get tainted as well. It's infectious and that's the whole idea behind this dusting attack.

Of course law enforcement can use discretion when it's only small amounts of funds but where exactly is the cutoff? What are the exact guidelines when you receive such funds and how do you stay 100% on the right side of the law? And why would a normal user have to care about all of this?

I'm not saying Bitcoin is a lot better than Ethereum in this regard. It's not a great situation in both chains and there will need to be better tools, laws and guidelines to handle these as time goes by.


Coinbase solves this.

(Custodial wallets can keep track of bad stuff received since account inception and allow spend of the clean amount only, no fee for on-chain burn required.)

Whole farce is hilarious.
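The difference discussed in the comments above, as an added example that is not part of the thread: under a UTXO model a wallet can leave a flagged output unspent through coin control, while under an account model the deposit merges into one balance and the wallet or custodian can only keep an off-chain floor, or pay to burn an equal amount. Addresses, txids, amounts and the fee are constructed; treating only the direct sender as the source of taint is a simplifying assumption.

```python
"""Dust handling under the UTXO model vs. the account model (toy models)."""
from dataclasses import dataclass, field

# Hypothetical flagged-sender list a wallet might load (constructed value).
FLAGGED_SENDERS = {"addr_flagged_mixer"}


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    amount: int            # satoshis
    senders: frozenset     # addresses that funded the creating transaction


def select_coins(utxos, target, flagged=FLAGGED_SENDERS):
    """Coin control: choose inputs for `target` without touching flagged outputs.

    Returns (chosen, change, frozen). Raises ValueError when the clean
    outputs alone cannot cover the target.
    """
    frozen = [u for u in utxos if u.senders & flagged]
    clean = sorted((u for u in utxos if not (u.senders & flagged)),
                   key=lambda u: u.amount, reverse=True)
    chosen, total = [], 0
    for u in clean:
        if total >= target:
            break
        chosen.append(u)
        total += u.amount
    if total < target:
        raise ValueError("clean UTXOs do not cover the target")
    return chosen, total - target, frozen


@dataclass
class AccountLedger:
    """Off-chain bookkeeping over an account-model address.

    The chain stores a single balance, so the wallet (or a custodian) keeps
    its own total of value received from flagged senders and treats it as a
    floor the balance may not drop below.
    """
    balance: int = 0       # wei, as the chain reports it
    quarantined: int = 0   # wei received from flagged senders
    flagged: set = field(default_factory=lambda: set(FLAGGED_SENDERS))

    def receive(self, sender, amount):
        self.balance += amount            # the deposit cannot be refused
        if sender in self.flagged:
            self.quarantined += amount

    def spendable(self):
        return max(self.balance - self.quarantined, 0)

    def spend(self, amount):
        if amount > self.spendable():
            raise ValueError("spend would dip into quarantined value")
        self.balance -= amount

    def burn_quarantined(self, fee):
        """Send an amount equal to the dust to a burn address; the owner pays `fee`."""
        if self.balance < self.quarantined + fee:
            raise ValueError("balance cannot cover burn plus fee")
        burned = self.quarantined
        self.balance -= burned + fee
        self.quarantined = 0
        return burned


# Constructed wallet contents.
SAMPLE_UTXOS = [
    Utxo("tx_salary", 0, 50_000, frozenset({"addr_employer"})),
    Utxo("tx_dust", 1, 1_000, frozenset({"addr_flagged_mixer"})),
    Utxo("tx_gift", 0, 30_000, frozenset({"addr_friend"})),
]

if __name__ == "__main__":
    chosen, change, frozen = select_coins(SAMPLE_UTXOS, 60_000)
    print("inputs:", [u.txid for u in chosen], "change:", change,
          "left untouched:", [u.txid for u in frozen])
    acct = AccountLedger()
    acct.receive("addr_employer", 10**18)
    acct.receive("addr_flagged_mixer", 10**17)
    print("on-chain balance:", acct.balance, "spendable:", acct.spendable())
```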


Cryptocurrency is quite literally built for exchange scamming.

> Ethereum has addresses just like Bitcoin has addresses.

The point is that Bitcoin actually doesn't have addresses/accounts. I think you are modeling this distinction as whether people clump all their money together into a single address/account or use a "wallet" of them (maybe all derived from a single key), but Bitcoin is way more abstract than that: there is no concept of an "address" at the level of Bitcoin itself... that is just a fiction created by an extremely popular way people protect money on Bitcoin. You might also note that Bitcoin tends to talk about different address formats (such as p2pkh), which often come from not merely different ways to serialize the keys but from different ways accounts have been protected with different scripts. In Bitcoin, you can have money that is owned by "anyone who can answer my math riddle" and that's that: unlike in Ethereum, it isn't that the money is owned by an account with an address which has code to restrict access, but the money is a little pile and the most universal "address" you can talk about is the script itself.


Ethereum is designed as blockchain based computation and not as a commodity first, so it doesn't make much sense to use a different address per transaction. You would need a single address/wallet to fund whatever program you're running on the blockchain.

> I wonder how Blockchain explorers deal with more complex scripts. For example on blockchain.com one can look up coins by putting an "address" into the search bar. But how would one look up coins that are not locked by a script that puts the coins under control of a certain key? Or a script that puts them under control of multiple keys?

I used to build blockchain explorers, and the answer is "they usually don't deal with it." Depending on how much resources the operator can devote to it, of course. Some of the information simply cannot be pulled out because of cryptography, some require graph-like processing. Ethereum was/is a dream to work with compared to UTXO.


Nitpick: A UTXO-based model does not imply the use of unlock scripts. You can have a UTXO blockchain where the only form of address is a simple pubkey hash, for example.

> I wonder how Blockchain explorers deal with more complex scripts. For example on blockchain.com one can look up coins by putting an "address" into the search bar. But how would one look up coins that are not locked by a script that puts the coins under control of a certain key? Or a script that puts them under control of multiple keys?

The reveal of the script is actually time-delayed. See https://en.bitcoin.it/wiki/Pay_to_script_hash

Essentially, you "send" the Bitcoin to the hash of the script, then whenever a transaction spends those coins it must reveal the script (whose hash must match), as well as some data (normally a digital signature or two) that fulfills the script's conditions.

So, the block explorer doesn't get to deal with it until the coins are spent, up until that point all it knows is a hash, which is represented as beginning with a "3", to differentiate it from the simple single-key addresses that begin with a "1".

When it's spent, a block explorer could show the revealed script contents if it wanted.


One of the most interesting implications of this is that it is a slight vindication of the bitcoin maximalist "bitcoin fixes this" mantra. If a government can't exercise control over your unit of account, it doesn't matter what they sanction.

Of course the "bitcoin" that "fixes this" isn't the one we have in reality -- you can't use it widely and cheaply to transact and it's so volatile as to be useless as the unit of account for anyone with more than a few thousand $ nw.


On the "cheap to transact" side, lightning wallets let you send for typically less than a penny, and without waiting for block confirmation.

Lightning isn’t decentralized though. They just reinvented PayPal.

That's completely untrue.

It is federated PayPal.

No it is not. It's a P2P payment network.

Avalanche lets you natively bridge bitcoin to their network, and it lets you transact fairly cheaply (think my last transaction was $.15) and their consensus algorithm can reach finality pretty quickly. Typically around 2 seconds. But it also has smart contract support.

So does Solana, where transactions are $0.00001 and finalize faster than google's homepage loads.

Further, Bitcoin fees are often below 50 cents. For a transaction of any size.

https://mempool.space/


> you can't use it widely and cheaply to transact and it's so volatile as to be useless as the unit of account for anyone with more than a few thousand $ nw.

borrow against it. transact with what you borrow.


Borrow what: fiat or other crypto? Transact - how precisely?

Give me an example.


There are a number of lending/borrowing protocols.

https://aave.com/

Supply wbtc, borrow usdc, convert to fiat, if you need.


Bitcoin fixes this by using a different transaction system that allows you to ignore dust sent to you and never spend it.

0.1 ETH per address? That's $168 at current prices. Someone is spending a lot of money to prove a point. Where do I sign up to get some of this "dust"?

You need your own late night talk show by the looks of it.

I guess if you have a million dollars of cash you can't move out because it's in a flagged entity, why not send it to everyone and prove a point?

You can always email the State Department and cut out the middleman entirely.

I think the attacker is depositing 0.1 ETH each time but the recipients are receiving less

I believe I was wrong about this. The recipients do seem to have received 0.1 ETH

Related: How many tornado cash forks have been deployed and how long will it take to blacklist them?

This is the real question. Anyone can fork tornado cash in an afternoon.

You can fork the contract but you can't fork the anonymity set. Tornado Cash had 12k different depositors https://dune.com/poma/tornado-cash_1 . If you have 100 clones with 120 users each (maximally decentralized deployment!) the anonymity you get is way worse.

Mixers only work with liquidity. Just forking it doesn’t accomplish anything, you have to get people to use it. That’s tough when no one is using it.

Why fork? Tornadocash.eth.link is still up. Its IPFS will also be up for probably forever.

Fork so your money isn't tainted.

They never included the official tornado cash contracts deployed on the arbitrum layer 2, so it's still legal to use that one.

This will be a great test of how decentralized the ethereum ecosystem actually is.

Decentralization is not a singular thing: different aspects of crypto are decentralized, others are known to not be. Everyone knows BTC is decentralized, but WBTC is not, but BTC.b probably is. Virtually anything dealing with real-world resources will eventually involve trust and centralization. The US Government has a monopoly on regulating dollars, and if you want to touch dollars legally, you're going to have to comply with their regulations. But having a relationship with a centralized power authority does not negate the entire thing.

Framing this in the context of centralized vs decentralized is wrong. This discussion is more like a discussion of foreign policy. You can think of blockchains as independent sovereignties. They are purely digital economies with a type of digital natural capital, human capital, etc.; they also have imports and exports.

To import dollars there must exist a relationship with the US Government, and framing this as a negotiation is more practical than framing it as a technical discussion. We're talking about governance here. Tech is irrelevant. At the end of the day, if crypto wants a better footing, it would benefit from self-regulating itself a bit to gain increased favor with its foreign trade partners. It would also benefit from increasing its exports to gain leverage; the trade imbalance that exists today is not doing it any favors.


I agree, that's why I specified the ethereum ecosystem, not just the protocol. For instance, Infura and MetaMask have already blacklisted the OFAC addresses, and those services are critical to the workflows of MANY services in the ecosystem.


Maybe I misunderstood, but I saw this on twitter: https://twitter.com/0xdev0/status/1556933551073153024

It says they blocked RPC requests from TornadoCrash, and that MM could no longer access Tornado Cash funds.


MetaMask is a browser add-on; Infura is an external RPC service. You can use MetaMask to connect to a different RPC.

Back in the merged mining days of bitcoin/namecoin, there was a lot of worthless namecoin around and you didn't exactly know what to do with it:

So I had the bright idea to go around collecting publicly listed namecoin addresses - bitcointalk signatures, github donation addresses, developers, you name it. I think I gathered about 100 addresses.

I wrote a bash script and looped namecoind to read my text file and send the minimum tx amount to a random address every second....

So that was running in a (detached) screen and I got busy and forgot about... for a few days...

Some folks didn't think that was very funny and called it an "attack"


So you sent less than a penny to github donation addresses ~35 times an hour every hour for days on end? And you were surprised when folks didn't enjoy this spam?

Some might say that the original hacker ethos is exploring, exploiting, and even attempting to break things.

In retrospect, yes, it was juvenile and regrettable, but hey, welcome to the game, friends.

People weren’t brigading you with pitchforks back then because proof of work wasn’t destroying the planet a decade ago.

Simpler times.


This has always been my idea for how I would try to extract a large amount of money if I ever managed to hack a big Defi protocol. Distract exchanges and regulators by splitting the stolen proceeds into tons of tiny amounts, send most of it to random famous accounts in small chunks, and have some of it go to my accounts which have been set up ahead of time to look like innocuous whales.

With chainanalysis this would never work; eventually you have to pool the coins somewhere or funnel them through an exit, both of which will be obvious with analysis software.

If you're okay with losing a decent percentage and have enough addresses that are "warmed" up with other activity, you could create enough ambiguity, no?

Funneling them through the exit seems harder.


Patterns will emerge eventually as you try to reconcile more and more of your scattered eth.

Just mix it into a few different addresses and sell yourself some NFTs.


It's easy to handle dust transactions. There are many ways of going about it, such as disregarding transactions that have certain parameters. Binance's wallets are not threatened by this.

Whatever else you might say about it, crypto is never boring.

Anti-money-laundering laws are similar to attempts to ban encryption because "criminals might use it to plan crimes". Instead of focusing on catching criminals doing illegal things using time-honored criminal investigation techniques, the government has chosen to curtail everyone's right to privacy and free speech.

An analogous situation would be if the US government published a list of IP addresses which were known to have sent encrypted traffic, and declared that anyone receiving packets from these addresses (regardless of whether they wanted to or not), might be prosecuted.


It looks like this only checks one of the blacklisted addresses. For the full set, see:

https://home.treasury.gov/policy-issues/financial-sanctions/...

Blacklists have been a topic in Bitcoin for ages. The problem with a blacklist is that in principle, identity creation is easy. Tornado team gets just one new address, and it's whack-a-mole time for Treasury.

I doubt this will work out the way Treasury thinks it will.


Isn't the point that legal crypto-fiat gateways will do (some of) the job for them, and ban stuff like that (beyond explicit Treasury bans) voluntarily?

So this just solidifies/removes any doubt about the US's opinion that Tornado is merely used by criminals?

So what? If North Koreans stand outside of the mall and make it rain dolla bills and you pick one up, it doesn’t mean you are now a criminal. This is dumb as hell.
