Bitcoin Cash Privacy Guide

Learn how to protect your privacy using BCH!

This guide will only focus on tech accessible to the average user so while it might be better to run your own full node, we will keep it simple. Some steps to increase privacy are as easy as using the right software, others like coin management require the user to be informed and more careful with what they’re doing. The basics are covered in this great video "6 Ways To Keep Your Bitcoin Cash Transactions Anonymous" by bitcoin.com.

Transparent ledger

The Bitcoin Cash blockchain is a transparent ledger which means that everyone can see the details of all the transactions: which amount was sent from which address to which other address. Or -to be more technically accurate- which unspent outputs (UTXOs) were used as inputs for the transaction and which new outputs got created. This is because transactions can have many in- and outputs.

To get a better idea of transactions in a transparent ledger it can be helpful to take a look at a few on a blockexplorer.

When bitcoin was first introduced many people thought it had good privacy properties because it was “pseudonymous” meaning that your identity isn’t linked to any address (or output). Later it became more widely understood that the default privacy of bitcoin is actually severely lacking.

A clear advantage of a transparent ledger is that it is trivial for anyone to audit the current supply, this comes at a serious cost to privacy as there is no way to hide the inputs, amounts and outputs of a transaction. It is possible to obfuscate the link between in- and outputs but more on that later.

Privacy needs

It’s important to think about what amount of privacy you want and what your threatmodel is. When privacy is of more importance it’s best to take a look at projects specifically focused on this aspect like Zcash and Monero. The privacy and fungibility benefits come at the cost of auditability (supply soundness) which relies on the correctness of the cryptography used.

To get a better understanding of the Privacy <-> Auditability tradeoff, read this Article.

Another drawback of privacy coins is that running a full validating node that’s keeping track of the whole blockchain is a requirement for trustless privacy. This is not to say that using lightclients can’t be vastly superior to using fully transparent coins but it’s important to understand the tradeoffs.

Get coins anonymously

An important part of maintaining privacy is getting your coins without doing KYC on a exchange which might attempt to trace transactions or pass this data on to others. One great way to get BCH anonymouslyis to earn it directly. Although certainly not possible for everyone this is also a great way of preserving privacy. Another option is to use a peer-to-peer market place where buyers and sellers trade directly with eachother without KYC. These marketplaces can implement non-custodial escrow mechanisms so the platform can mediate when there's disputes but can never take the money for itself, so there is no counterparty risk.

Local Cryptos, the popular peer-to-peer marketplace with non-custodial escrow for BCH is unfotunately closing down.

UTXO management

Because combining UTXOs in one transaction links them together to the sender, it is best practice manually manage and label coins from different destinations. If you acquired some portion of your coins anonymously and another through an exchange for example, it might make sense to keep them separate. Another option is using different walllets, this way UTXOs in different wallets won't be combined.

Doing manual coin selection and labeling is superior to using mutiple wallets because it alows you to be more careful with change. If you only send part of an input to a receiver, the rest is returned to a change adress you control. If you combine the change with an output linked to your identity, this previous spending transaction can also be linked to your identity.

You can try UTXO management in the Electron Cash desktop wallet.

Address reuse

Most wallet are hierarchical deterministic (HD) which means they automatically generate a new address for every time the user wants to receive coins. The ability to reuse addresses is still there for the user and has been re-introduced in some Bitcoin Cash wallets because of SLP tokens and cashaccounts. Users should be aware of the privacy concerns and avoid it if possible.

Imagine you'd only use one address for everything (this is similar to how the account system in ETH works), anyone you pay would be able to see how much money you own and a full history of all the transaction you ever made. Everyone could clearly see all these transactions are made by the same person and the whole transaction history can be linked to your identity if one can be linked.

There’s multiple alternative proposals for reusable address schemes, which solve this privacy problem to varying degrees. None of these are actually available in a user-facing wallet. The privacy of Cashaccounts would be greatly improved if they could be linked to these reusable addresses.

Linkability

Privacy on transparent coins can be enhanced by using tech that obfuscates the link between the in- and outputs of a transaction. These types transactions are built cooperatively with others and the increase in privacy greatly depends on the number of participants. It is visible for everyone that this is such a special privacy transaction. The most well known kind is CoinJoin, a scheme where a number of people all custruct a transaction with all the same anonymized output and chang addresses. Each of the outputs with the anonymized amount could have been linked to any of the inputs, because of this the anonimity set is the number of equal outputs. A trustless form of coinjoin developed on Bitcoin Cash, named cashshuffle.

Since, a groundbreaking new privacy scheme for transparancy coins, called CashFusion, has been developed on BCH (see spec). It retained the same trustlessness characteristics of its predecessor but can make much better privacy guarantees! Tor is part of the cashfusion protocol so that participants retain network privacy.

The Electron Cash desktop wallet is the first to implement cashfusion.

Address leakages

Most lightweight wallets expose a list of your addresses (and thus full transaction history) to the servers it uses as backend. There is some difference is what exactly this backend is – one single server from the wallet, a bunch of different servers or all full nodes- but the general point remains. Only the neutrino wallet wallet for android does not leak your whole list of addresses as it uses special filters to check whether a relevant transaction is in a block and downloads the full block if so. Unfortunately the wallet has become unmaintained and unusable.

The only alternative to this is running your own full node or setting up your own fluctrum server.