ChainAnchor is an MIT project that was brought to the attention of the Bitcoin community in late April by Bitcoin Core contributor Peter Todd. In his blog post, Todd questioned whether this project may have been an attempt to bring Anti Money Laundering (AML) and Know Your Customer (KYC) compliance to Bitcoin.
MIT Connection Science Managing Director David L. Shrier responded to Toddโs blog post directly on Reddit, saying, โChainAnchor was never intended for [B]itcoin.โ
When first asked about why a preliminary version of the ChainAnchor paper discussed Bitcoin, Shrier pointed Bitcoin Magazine to another Reddit comment where he said, โ[ChainAnchor] was never intended to apply to Bitcoin. In the course of seven subsequent drafts, we have sought to clarify this.โ
When then asked why there are explicit references to implementing ChainAnchor as an overlay on top of the Bitcoin blockchain, Shrier told Bitcoin Magazine, โIn a very early draft of the project, its focus on permissioned blockchains was not well explained, which is why we clarified.โ
Shrier went on to point to the current version of the ChainAnchor paper, which is more explicit about its use in permissioned ledgers (as opposed to permissionless blockchains such as Bitcoin) and dated two days prior to Toddโs blog post; however, the preliminary draft provided by Todd on his blog stated:
โIn the second deployment mode โ called the semipermissioned overlay โ ChainAnchor is deployed as an overlay above the current permissionless public blockchain in Bitcoin. The goal of the overlay approach is not to create a separate chain, but rather use the current permissionless blockchain to carry permissioned-transactions relating to Users in ChainAnchor in such a way that non-ChainAnchor nodes are oblivious to the transactions belonging to a permissioned-group.โ
Bitcoin Magazine reached out to David Shrier again in regard to this excerpt specifically, and Shirer clarified, โRigorous research requires exploring ideas, even ones that donโt prove out. The โsemi-permissionedโ idea wasnโt a good idea (in my personal opinion), but one that we explored in the interests of rigor. Itโs not how the system was designed.โ
MITโs ChainAnchor FAQ says the original draft of the paper โmade several mentions of Bitcoin in order to provide both comprehensiveness and familiarity to the reader.โ
Itโs clear that the latest draft of the ChainAnchor paper is about permissioned blockchains and not Bitcoin, but Todd says multiple anonymous sources have told him the intention is to turn Bitcoin into a permissioned payment platform. Todd speculates that his sources are unable to talk due to nondisclosure agreements (NDA), but Shrier told Bitcoin Magazine, โThere are no NDAs around ChainAnchor. We have no idea what heโs talking about.โ
Regardless of the true intentions of those behind MITโs ChainAnchor project, the preliminary documents illustrate that the semi-permissioned overlay version of ChainAnchor, which is not found in newer versions of the paper, is a possible exploit for those who wish to attack Bitcoin.
Bribing Bitcoin Miners
Although the idea of Bitcoin miners requiring users to identify themselves in order to use the network may seem ludicrous to some, the preliminary ChainAnchor paper outlines how miners could be coerced into this new, permissioned setup: by bribing them.
The paper stated:
โIn the ChainAnchor semi-permissioned overlay a successful miner receives a further additional payment (beyond the new coins and transaction fees in Bitcoin) for completing a block consisting only of permissioned-transactions.โ
To many, Bitcoinโs main value proposition is its utility in censorship-resistant transactions on the Bitcoin network, but the incentives for miners to protect this feature may be skewed when an outside party offers a bonus for restricting block space access to an approved list of users.
In his recent post, Todd speculated about ChainAnchorโs purpose:
โWhatโs likely going on here is ChainAnchor is trying to force people to register with their service by making non-compliant transactions from unregistered users cost more and take longer to be confirmed.โ
Non-compliant transactions would take longer to confirm because they can be mined only by miners who are not part of the semi-permissioned overlay system.
Todd also added that one of the main concerns heโs heard from his sources is they do not wish to be involved in a scheme that attempts to take monopoly control over Bitcoin transactions. Again, it should be pointed out that the current version of ChainAnchor does not mention applying the concept to Bitcoin at all.
Regardless of ChainAnchor Intentions, This Attack Is Possible
Regardless of the true intentions of the individuals behind the ChainAnchor concept, itโs important to note that this sort of attack is possible today. Indeed, miners get to pick which transactions they wish to include in the next block. In fact, some miners already block certain types of transactions from their mined blocks.
If a miner is offered enough money, he or she may decide to block transactions that arenโt pre-approved by some sort of regulator. Of course, this setup would harm Bitcoinโs fungibility, which is already rather weak. Once transactions are controlled in this manner, itโs questionable whether Bitcoin would fit the definition of money.
Even if a combination of Confidential Transactions and JoinMarket were implemented in Bitcoin by default, it wouldnโt matter because miners would mine only transactions with real-world identities tied to them. At that point, Bitcoin users would have to search for alternatives (likely through a change in proof of work) that would resist these sorts of advances from bad actors.
When asked whether this attack could work in practice, Todd told Bitcoin Magazine:
โItโs hard to predict โ exchanges could be forced into this scheme, at which point itโd be easy to get a subset of miners to start mining only permissioned blocks.โ
When asked whether a change in proof of work (PoW) could ultimately block this sort of attack, Todd stated:
โDonโt assume thatโs an easy thing to do; changing the PoW would be chaos, and could easily be engineered to be part of a 51 percent attack. When you change the PoW, you have to ask, who is in the best position to mine the new chain? If the new PoW isnโt ASIC hard, itโs very easy to temporarily rent or steal a large amount of computing power to attack it.โ
Todd added, โIf it is best mined on ASICs however, itโs quite plausible that the new PoW algorithm will be chosen maliciously to match something someone has a big supply of ASICs for, again, a 51 percent attack.โ
Although Todd is concerned with the implications of a permissioned overlay built on top of Bitcoin, one of the ChainAnchor paperโs co-authors, MIT Internet Trust Consortium Technical Director Thomas Hardjono, told Bitcoin Magazine:
โPart of how we helped establish the impracticality of ChainAnchor for an overlay on Bitcoin was โฆ the incentive to focus on compliant transactions. A miner would have to wait for such transactions to show up. Waiting means they lose money doing nothing (while other miners make money doing the usual mining of ordinary transactions.) This also helped reinforce our thinking as to why ChainAnchor was only feasible on permissioned blockchains.โ
When asked about Hardjonoโs comments, Todd generally agreed, telling Bitcoin Magazine:
โItโs really quite simple: Bribing miners happens after you get some initial volume (e.g. driven by exchanges joining the system.) Taken at face value, itโs stupid, too, as thereโs no technical reason for miners to exclusively mine permissioned transactions.โ
Is Centralization Bitcoinโs Biggest Weakness?
Although this sort of attack is likely possible even with a much more decentralized group of Bitcoin miners, this sort of coercion is much easier when there are only a handful of people who have to be convinced to bring permissioned-access to Bitcoinโs supposedly permissionless network.
Todd has discussed the issues related to the centralization of Bitcoin mining quite often in the past, and in his post about ChainAnchor, he wrote:
โWhatโs interesting about this threat is the attacker is trying to change the composition of the mining community itself from less to more regulated, using profitability as a weapon. As defenders โ and protocol designers โ we have to figure out what kind(s) of miner weโre trying to encourage to achieve our goals, and how to ensure the economic incentives of the system keep those miners profitable.โ
Ironically, Blockstream mathematician Andrew Poelstra recently warned about the threat that centralization of mining is to Bitcoinโs censorship resistance at the 2016 MIT Bitcoin Expo.
A solution to Bitcoinโs mining centralization problem is not entirely clear, but some members of the community, such as 21, believe the mining process will eventually become massively distributed and decentralized once again.
There has been speculation as to whether Bitcoin Foundation Chief Scientist Gavin Andresen may be involved with this project. Andresen responded to this claim directly in a recent Reddit Ask Me Anything (AMA) by stating, โI have never heard of ChainAnchor until this question. I donโt have any relationships with any projects that are working on digital identity.โ
If you wish to learn more about ChainAnchor, some MIT Connection Science team members will be participating in an AMA on the /r/Bitcoin subreddit on May 3 at 5 p.m. Eastern.
