The Real Story Behind the MIT ChainAnchor Project for Bitcoin
ChainAnchor is an MIT project that was brought to the attention of the Bitcoin community in late April by Bitcoin Core contributor Peter Todd. In his blog post, Todd questioned whether this project may have been an attempt to bring Anti Money Laundering (AML) and Know Your Customer (KYC) compliance to Bitcoin.
When first asked about why a preliminary version of the ChainAnchor paper discussed Bitcoin, Shrier pointed Bitcoin Magazine to another Reddit comment where he said, “[ChainAnchor] was never intended to apply to Bitcoin. In the course of seven subsequent drafts, we have sought to clarify this.”
When then asked why there are explicit references to implementing ChainAnchor as an overlay on top of the Bitcoin blockchain, Shrier told Bitcoin Magazine, “In a very early draft of the project, its focus on permissioned blockchains was not well explained, which is why we clarified.”
Shrier went on to point to the current version of the ChainAnchor paper, which is more explicit about its use in permissioned ledgers (as opposed to permissionless blockchains such as Bitcoin) and dated two days prior to Todd’s blog post; however, the preliminary draft provided by Todd on his blog stated:
“In the second deployment mode – called the semipermissioned overlay – ChainAnchor is deployed as an overlay above the current permissionless public blockchain in Bitcoin. The goal of the overlay approach is not to create a separate chain, but rather use the current permissionless blockchain to carry permissioned-transactions relating to Users in ChainAnchor in such a way that non-ChainAnchor nodes are oblivious to the transactions belonging to a permissioned-group."
Bitcoin Magazine reached out to David Shrier again in regard to this excerpt specifically, and Shirer clarified, “Rigorous research requires exploring ideas, even ones that don't prove out. The ‘semi-permissioned’ idea wasn't a good idea (in my personal opinion), but one that we explored in the interests of rigor. It's not how the system was designed.”
MIT’s ChainAnchor FAQ says the original draft of the paper “made several mentions of Bitcoin in order to provide both comprehensiveness and familiarity to the reader.”
It’s clear that the latest draft of the ChainAnchor paper is about permissioned blockchains and not Bitcoin, but Todd says multiple anonymous sources have told him the intention is to turn Bitcoin into a permissioned payment platform. Todd speculates that his sources are unable to talk due to nondisclosure agreements (NDA), but Shrier told Bitcoin Magazine, “There are no NDAs around ChainAnchor. We have no idea what he's talking about.”
Regardless of the true intentions of those behind MIT’s ChainAnchor project, the preliminary documents illustrate that the semi-permissioned overlay version of ChainAnchor, which is not found in newer versions of the paper, is a possible exploit for those who wish to attack Bitcoin.
Bribing Bitcoin Miners
Although the idea of Bitcoin miners requiring users to identify themselves in order to use the network may seem ludicrous to some, the preliminary ChainAnchor paper outlines how miners could be coerced into this new, permissioned setup: by bribing them.
The paper stated:
"In the ChainAnchor semi-permissioned overlay a successful miner receives a further additional payment (beyond the new coins and transaction fees in Bitcoin) for completing a block consisting only of permissioned-transactions."
To many, Bitcoin’s main value proposition is its utility in censorship-resistant transactions on the Bitcoin network, but the incentives for miners to protect this feature may be skewed when an outside party offers a bonus for restricting block space access to an approved list of users.
In his recent post, Todd speculated about ChainAnchor’s purpose:
“What’s likely going on here is ChainAnchor is trying to force people to register with their service by making non-compliant transactions from unregistered users cost more and take longer to be confirmed.”
Non-compliant transactions would take longer to confirm because they can be mined only by miners who are not part of the semi-permissioned overlay system.
Todd also added that one of the main concerns he’s heard from his sources is they do not wish to be involved in a scheme that attempts to take monopoly control over Bitcoin transactions. Again, it should be pointed out that the current version of ChainAnchor does not mention applying the concept to Bitcoin at all.
Regardless of ChainAnchor Intentions, This Attack Is Possible
Regardless of the true intentions of the individuals behind the ChainAnchor concept, it’s important to note that this sort of attack is possible today. Indeed, miners get to pick which transactions they wish to include in the next block. In fact, some miners already block certain types of transactions from their mined blocks.
If a miner is offered enough money, he or she may decide to block transactions that aren’t pre-approved by some sort of regulator. Of course, this setup would harm Bitcoin’s fungibility, which is already rather weak. Once transactions are controlled in this manner, it’s questionable whether Bitcoin would fit the definition of money.
Even if a combination of Confidential Transactions and JoinMarket were implemented in Bitcoin by default, it wouldn’t matter because miners would mine only transactions with real-world identities tied to them. At that point, Bitcoin users would have to search for alternatives (likely through a change in proof of work) that would resist these sorts of advances from bad actors.
When asked whether this attack could work in practice, Todd told Bitcoin Magazine:
“It's hard to predict ‒ exchanges could be forced into this scheme, at which point it'd be easy to get a subset of miners to start mining only permissioned blocks.”
When asked whether a change in proof of work (PoW) could ultimately block this sort of attack, Todd stated:
“Don't assume that's an easy thing to do; changing the PoW would be chaos, and could easily be engineered to be part of a 51 percent attack. When you change the PoW, you have to ask, who is in the best position to mine the new chain? If the new PoW isn't ASIC hard, it's very easy to temporarily rent or steal a large amount of computing power to attack it.”
Todd added, “If it is best mined on ASICs however, it's quite plausible that the new PoW algorithm will be chosen maliciously to match something someone has a big supply of ASICs for, again, a 51 percent attack.”
Although Todd is concerned with the implications of a permissioned overlay built on top of Bitcoin, one of the ChainAnchor paper’s co-authors, MIT Internet Trust Consortium Technical Director Thomas Hardjono, told Bitcoin Magazine:
“Part of how we helped establish the impracticality of ChainAnchor for an overlay on Bitcoin was ... the incentive to focus on compliant transactions. A miner would have to wait for such transactions to show up. Waiting means they lose money doing nothing (while other miners make money doing the usual mining of ordinary transactions.) This also helped reinforce our thinking as to why ChainAnchor was only feasible on permissioned blockchains."
When asked about Hardjono’s comments, Todd generally agreed, telling Bitcoin Magazine:
“It's really quite simple: Bribing miners happens after you get some initial volume (e.g. driven by exchanges joining the system.) Taken at face value, it's stupid, too, as there's no technical reason for miners to exclusively mine permissioned transactions.”
Is Centralization Bitcoin’s Biggest Weakness?
Although this sort of attack is likely possible even with a much more decentralized group of Bitcoin miners, this sort of coercion is much easier when there are only a handful of people who have to be convinced to bring permissioned-access to Bitcoin’s supposedly permissionless network.
Todd has discussed the issues related to the centralization of Bitcoin mining quite often in the past, and in his post about ChainAnchor, he wrote:
“What’s interesting about this threat is the attacker is trying to change the composition of the mining community itself from less to more regulated, using profitability as a weapon. As defenders ‒ and protocol designers ‒ we have to figure out what kind(s) of miner we’re trying to encourage to achieve our goals, and how to ensure the economic incentives of the system keep those miners profitable.”
A solution to Bitcoin’s mining centralization problem is not entirely clear, but some members of the community, such as 21, believe the mining process will eventually become massively distributed and decentralized once again.
There has been speculation as to whether Bitcoin Foundation Chief Scientist Gavin Andresen may be involved with this project. Andresen responded to this claim directly in a recent Reddit Ask Me Anything (AMA) by stating, “I have never heard of ChainAnchor until this question. I don’t have any relationships with any projects that are working on digital identity.”
If you wish to learn more about ChainAnchor, some MIT Connection Science team members will be participating in an AMA on the /r/Bitcoin subreddit on May 3 at 5 p.m. Eastern.