There is a privacy issue when using FastBTC. Despite the message displayed by the DApp, "Always generate a new deposit address and only use it once",
it always generates the same SegWit address. So if you use CoinJoin, you have to spend several post-mix UTXOs to the same address, and that's not good because of chain analysis.
So why can't the DApp generate a new address for each deposit?
Another thing: as far as I know, when we use the peg-out (rBTC => BTC), only the contract and I know the outgoing address, so the history of the pegged-out UTXO will be unknown?
It would be good to have a summary of privacy for the RSK ecosystem.
Hey @milas thanks for following up to post about this. I have confirmed that indeed FastBTC is generating the same address each time and am looking into this, will follow up when I have more info.
Note that, even if FastBTC were generating a new deposit address each time, your RSK address does not change (unless you manually change it, which could get cumbersome to manage and has its own privacy challenges, but is still possible) so there would still effectively be address re-use. You should consider your RSK address and all bitcoin addresses that transfer funds to it to be part of the same “onchain identity” and therefore all inherently linked together. Of course, there is some plausible deniability in that you could say the bitcoin addresses belong to someone else and they were just sending you some sats, but they are nonetheless still publicly linkable to your RSK address and other bitcoin addresses associated with FastBTC or Powpeg deposits/withdrawals to/from your RSK address.
It is trivial to link FastBTC txs on both the BTC and RBTC side using amount and timing correlation, for both deposits and withdrawals. See above comment about all bitcoin addresses used for RSK deposits/withdrawals being part of the same “onchain identity” as your RSK address.
I agree, currently privacy is lacking, even worse than bitcoin since the general usage pattern of EVM chains is to use the same address for everything (account model vs utxo model). There are a few potential solutions, such as Aztec, Railgun, and Tornado Nova for EVM chains. I’d be excited to see someone bring these kinds of innovative privacy tools to RSK so RSK users can gain privacy for their txs.
I see, so for now the good way to maintain privacy is to never use KYC UTXOs to send to an RSK address. If one of these UTXOs is not spent entirely, do not spend the change UTXO (of your BTC wallet) to a KYC service. And once you get out of RSK to get BTC again, it would be wise to mix it again …
Note that, even if FastBTC were generating a new deposit address each time, your RSK address does not change (unless you manually change it, which could get cumbersome to manage and has its own privacy challenges, but is still possible) so there would still effectively be address re-use. You should consider your RSK address and all bitcoin addresses that transfer funds to it to be part of the same “onchain identity”
How can chain analysis determine my RSK address from my spent UTXO? Because I send an amount to the FastBTC address, and the same amount is credited to the RSK account address? Or is there a direct link?
I've heard of Tornado Cash, yes. What would be necessary to use it on RSK? Are devs working on it?
Effectively, yes, because of the amount and the timing. Also it would be relatively easy to cluster the FastBTC addresses and then link deposits on the BTC side to the RBTC that gets sent on the RSK side.
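To make the amount-and-timing linkage described in the replies above concrete, here is an added self-check example (not code from the thread, FastBTC or RSK) that a user could run over their own records: it flags a deposit address the DApp handed out more than once, pairs each BTC deposit with the RSK credit that matches it by amount (less a bridge fee) and time window, and groups the BTC addresses that fund one RSK account into a single "onchain identity". The transfers, addresses, fee bound and delay window are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    chain: str        # "BTC" (deposit into FastBTC) or "RSK" (RBTC credit)
    account: str      # BTC address funds came from, or RSK account credited
    amount_sats: int  # BTC in satoshis; RBTC expressed in the same unit
    timestamp: int    # unix seconds

def reused_deposit_addresses(addresses):
    """Deposit addresses the DApp handed out more than once (should be empty)."""
    seen, dup = set(), set()
    for a in addresses:
        (dup if a in seen else seen).add(a)
    return sorted(dup)

def linkable_pairs(btc_deposits, rsk_credits, max_delay_s=3600, max_fee_sats=5_000):
    """Pair each BTC deposit with the first unused RSK credit whose amount is the
    deposit minus a fee within max_fee_sats and which lands within max_delay_s."""
    pairs, used = [], set()
    for d in btc_deposits:
        for i, c in enumerate(rsk_credits):
            delay = c.timestamp - d.timestamp
            fee = d.amount_sats - c.amount_sats
            if i not in used and 0 <= delay <= max_delay_s and 0 <= fee <= max_fee_sats:
                pairs.append((d, c))
                used.add(i)
                break
    return pairs

def onchain_identity(pairs):
    """Group the BTC addresses that fund each RSK account (one linked identity)."""
    ident = {}
    for d, c in pairs:
        ident.setdefault(c.account, set()).add(d.account)
    return ident

# Constructed sample records (hypothetical addresses, amounts and times).
DEPOSIT_ADDRESSES = ["bc1q-fastbtc-dep", "bc1q-fastbtc-dep", "bc1q-fastbtc-dep"]
BTC_DEPOSITS = [
    Transfer("BTC", "bc1q-alice-1", 1_000_000, 1_700_000_000),
    Transfer("BTC", "bc1q-alice-2",   500_000, 1_700_010_000),
    Transfer("BTC", "bc1q-bob-1",   1_000_000, 1_700_020_000),
]
RSK_CREDITS = [
    Transfer("RSK", "0xALICE", 998_000, 1_700_000_600),  # 1_000_000 minus fee
    Transfer("RSK", "0xALICE", 498_000, 1_700_010_900),
    Transfer("RSK", "0xBOB",   998_000, 1_700_020_300),
]
```

Running it on the sample shows the reused deposit address and links both of Alice's BTC addresses to 0xALICE even though they never touched each other on the BTC chain.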
Yes. We need more dev hands on deck! If you know any good bitcoin privacy / Solidity devs who would want to take this on please have them reach out to me.