Core Bitcoin developer claims ChainAnchor plans to bribe Bitcoin miners to regulate bitcoin

Peter Todd is one of the longest-serving core bitcoin developers remaining; a Canadian with 92 separate contributions to the bitcoin code base to date. He has worked on projects like Colored Coins, Counterparty, and Stealth Addresses, but is best known as someone who  searches for vulnerabilities in the bitcoin system.

Last Thursday, Todd published an article claiming that the MIT ChainAnchor Project is, “in part an attempt to get Bitcoin users to register their real world identities and associate their transactions with those identities.”

“It appears that ChainAnchor has a longer-term plan to bribe and coerce miners into only mining transactions from registered users, eventually prohibiting non-registered users entirely.”
— – Peter Todd

Todd supplied supporting evidence in the form of a leaked document, that has not yet officially been confirmed by ChainAnchor, and a slideshow presentation that is currently published on MIT’s website. The former is a preliminary preview paper of the ChainAnchor whitepaper, dated January 24th. The latter is a PDF-formatted slideshow from February.

The gist of the ChainAnchor system is to ensure that fully-AML-compliant identification is attached to public addresses on a given blockchain, ‘whitelisting’ them, and eventually ensuring that all transactions on that chain are completely transparent and user-traceable.

In the introductory paragraph of the leaked draft of the whitepaper, however, ChainAnchor states that their architecture “adds an identity and privacy-preserving layer above the blockchain, either the private blockchain or the public Blockchain in Bitcoin.”

According to the whitepaper, in order to apply this system to Bitcoin, one merely has to convince bitcoin miners to only accept transactions that are from these whitelisted public IDs. According to the leaked January draft, doing so would simply be a matter of rewarding miners in some additional way, such as a direct monetary reward for compliance.

“In ChainAnchor a successful miner receives a further additional reward for completing a block consisting only of permissioned-transactions.”

• ChainAnchor in ‘Anonymous Identities for Permissioned Blockchains,’ Page 10

The way Bitcoin has been designed normally ensures that miners will want to do the opposite, keeping transactions pseudo-anonymous and processing them quickly. Doing so results in successfully mining more blocks, and therefore winning more of the block rewards.

If Todd is correct, ChainAnchor’s purpose reverses this. “In short, ChainAnchor appears to be attempting to make the existing permissionless Bitcoin block-chain into a centrally controlled, permissioned chain,” states Todd.

ChainAnchor responsed to the allegations by reiterating that their system is not meant for Bitcoin, and is clearly labelled “for permissioned blockchains.”

“We address the issue of identity and access control within shared permissioned blockchains.”
— – ChainAnchor

According to Todd, the ChainAnchor system also carries another major threat, it removes the trustless nature of Bitcoin derived from decentralization. “The privacy of the system is based on trust,” he says about the ChainAnchor system. “The permissions verifier and identity provider can undetectably deanonymize a user by colluding to combine the real-world identity and cryptographic identity information that each side is supposed to keep secret from the other.”

“This means that warrants requesting information on user transactions can be met. It also means that hackers who successfully hack into both servers can potentially deanonymize users’ transactions.”

• Todd

Sources for the leaked documents have not been provided, but Todd mentioned that they came from multiple people. “I’ve obtained leaked copies of their preliminary paper and overview slides from multiple sources, (most recently from MIT themselves)” he said. “I’ve also been contacted by people who alleged that they was approached by the ChainAnchor group for monetary and strategic partnership assistance. These people have given me further (alleged) details on the longer-term goals of the project in the context of Bitcoin.”

Since he has chosen not to name their names, he suggests using this event as a threat model exercise, meaning that developers should treat it like a real attack and prepare a defense against it.

“As defenders – and protocol designers – we have to figure out what kind(s) of miner we’re trying to encourage to achieve our goals, and how to ensure the economic incentives of the system keep those miners profitable.”

• Todd