Saturday, March 5, 2011

Anonymous Money Needs an Anonymous Exchange

By Doctor Nefario
Bitcoin Weekly

One of the choke points in the bitcoin economy is the exchange market. Prior to bitcoin's increase in popularity, to get a hold of some, you could mine, run the bitcoin program and generate some coins. Due to the influx of new people to the economy and technological improvement, mining difficulty has risen to a point that even my own dual core machine would take two years to generate 50 bitcoin. To a large extent, this is the result of miners moving to high powered graphics cards, GPUs which are much more efficient than regular CPUs. However the number of "professional" for-profit miners has increased significantly as the exchange value of bitcoins has risen.

Now, unless you're ready to fork out thousands building a custom made mining rig, your only option to get a hold of some sweet BTC is to buy it or trade for it. As a result, the function played in the economy of the exchanges is crucial. Almost everything coming into the economy or leaving it, must go through the exchanges. Before the exchanges were formalised, bitcoin traders were often known to each other, friends you could say, and would trade bitcoins for cash as described in the diagram below.
picture one
This is how things worked in the early days, where friends with a dollar could buy BTC10,000. Sadly, or happily those days have gone, now you no longer need to know someone in the know or someone who's got BTC to sell. Now there is a place, where all may freely gather and do their dirty bitcoin business. These are the exchanges, and you can see how they work, below.
You can clearly see that nowadays people go to the exchange if the want to swap their precious bitcoins for paper money. The way it usually works is the exchange has a bank account that cash can be transferred into. When you transfer your cash to the exchange, they add it to your account. You can now swap your paper notes (or the numbers representing them) for bitcoins and vice versa. When you're all done and you want out, the exchange will transfer your cash to your own bank account. This process happens for everyone that uses the exchange: it looks something like the diagram below. There are some other combinations of this method using Linden Reserve (as bitcoin-central does), however this is essentially the same as Linden Reserve's bank account is replacing that of the exchange owners. It is for all intents and purposes the same.

That peachy coloured blob with "exchange" written in it represent the exchange owner's bank account. With cash being transferred in and out from other users, and bitcoins being sent in or out (although the bitcoins don't go to the bank account), again by other exchange users. Everything hinges around that one bank account; without it, the whole exchange and all its users cannot conduct their trade.
This system is by far the easiest to set up and operate, however there are a number of issues with operating an exchange out of your personal bank account. The main one being that in many (if not most) countries it is illegal: there are countless rules, requirements and regulations to operating a money exchange. With the exceptions of the few bitcoin exchanges that are setting up in a legitimate manner this leaves the exchanges vulnerable to being shut down: their centralised nature with many users with funds in the account and using it. The effect of a shutdown would be a heavy blow to the bitcoin community, not to mention the users directly affected by the loss of their funds. If one of the major exchanges such as MTGOX or Bitcoin-Central or a number of others were to be shut down colossal damage would be done. It might not cause the price of bitcoins to collapse (after recently hitting parity with the dollar) but it would certainly cause a significant drop.

If the exchanges are the lifeblood of the bitcoin economy, then running them out of personal bank accounts is like living life with a razor blade to your throat, all it takes is a little slip or nick and the damage is done.

A solution is needed to avoid a blood letting - one approach is to take the legitimizing route. Register a business, follow all the laws, rules and regulations required to operate this business. It's a good approach and it says a lot about the efforts of members of the bitcoin community who are doing this. There is another way.

Anonymous exchanges.
With the above model, the identity of anyone who uses the exchange can easily be discovered. It's in the exchanges records, and if you've had money transferred in or out it's in the banks records. For certain the identity of the exchange owner/operator is easily known, they're the person who owns the bank account!

Because it is such an easy target and the effect of shutting down an exchange is multiplied by its popularity, the real danger is not to the customer, but to the exchange. It's the exchange that gets targeted - it's the exchange that gets shut down. Yes, the users who have cash in the exchange lose that, but they lose it because it's the exchange that law enforcement goes after, not the exchange users. So it is clear from looking at this situation that it is the exchange that needs protection; it is the exchange that needs anonymity from its users (after all, if the users don't know who the exchange is, then who does?).

What I am going to describe is a method, a protocol that would allow an exchange, that is trusted by its users and customers to run its operations in total secrecy and anonymity.

The cutout
We need to look to the world of espionage for the piece that will allow us to do this and that is the cutout. In order for our exchange to do business with his customers while keeping his identity secret, he needs a cutout.

This can be provided to us in the form of a bank account provided by the customer. These days account owners can both deposit and withdraw funds to their account using an ATM's automatic deposits and withdrawals. Removing the need for the account owner to actually go in person to a bank branch to make cash deposits or withdrawals. This is a key component to our scheme. It should be noted that the customer would open an account specifically for this, and nothing else.

To use a bank account as a cutout, the customer sends a copy of their ATM card to the exchange (obviously a middle man would need to be used to accomplish this). Once the exchange has the ATM card, the customer can now send money to the exchange. All that needs to be done is deposit the money to the account. Inform the exchange of the deposit and the PIN number for the withdrawal and the exchange operator can then withdraw cash from the account. This would be kept by the exchange operator, who would add the amount to the customers exchange account. The customer can now buy bitcoin. Once the customer wants to cash out they simply inform the exchange operator. He will then, using the ATM card deposit cash into the cutoff account, allowing the customer to withdraw at will (they should do this immediately). The diagram below describes this process.
If we include our trusted third party (trusted by the exchange operator), the above diagram would look like this.
Once the cutout account is set up, the process of depositing or withdrawing funds from the exchange would be secure, convenient, and even faster than using normal banking transfer methods, but most importantly it would protect the exchange and its operators. The above process could scale to many accounts, possibly hundreds, as not all customers would be depositing or withdrawing funds every day.
If the exchange was successful enough the operator would have to employ runners, trusted people to go to ATMs and make numerous withdrawals or deposits. He could have a clearing period, that is at the end of each trading day (say 5pm) the runners would go to different ATMs and make deposits and withdrawals in bulk. It would not be until after the end of the next trading day that cash deposits or withdrawals would be settled.

What of the risk of the exchange being shut down? As long as the middleman, the trusted third party that the exchange operator uses to receive the customers ATM card when their account is opened, does not reveal or does not know the identity of the operator, all is well. The greatest risk then is for the owner of the account, should the authorities attempt to shut down the exchange, they would only be able to target single accounts, which in many cases would be difficult, if not impossible. In the event of a single account being shut down, only that account owner is affected, with the rest of the exchange users remaining unharmed.
Operating issues
There are some issues and details that need to be discussed to ensure the safe operation of the exchange.
  • When depositing or withdrawing from ATMs, the runners/operators face must be concealed as they have cameras;
  • The ATMs used must constantly be changed, they must essentially be random otherwise the operators can be caught;
  • This is for in-country only, running this service across an international border is very likely to get the account shutdown;
  • The exchange operator must be highly reputed and trusted;
  • The exchange operator must be able to find either a highly-trusted third person or one they can remain anonymous to.
Reprinted with permission.

For further reading:
"The system is not inherently illegal", The Times of India, February 20, 2011
"1849: From Gold To Bits - Part 1, GPUs", Dingus, Bitcoin Weekly, February 11, 2011


  1. Fascinating...though cash in the mail seems simpler. If only there were some way to automate the process, things would scale up nicer.

    I wonder how ATMs actually hook up into the banking network to make the withdrawals happen. Perhaps some of that process could be co-opted??

  2. Noble attempt, but a bit naive with respect to the data monitoring and pattern analysis capabilities of banks and regulators (at least in Australia). Any reasonable and consistent volume of transactions out of individual accounts, runners and deposits to exchangers would be easily linked together.

  3. I don't think this is a workable long-term solution. Any lack of autonomy from the customer or the exchange side would ultimately result in a failure.

  4. Fascinating ! I am completely impressed with your solution. It is looking to be long term one. I was bit confused about it but now all confusion has been cleared..thanks..cheers !


Note: Only a member of this blog may post a comment.